├── .editorconfig
├── .fixtures.yml
├── .gitattributes
├── .github
├── CONTRIBUTING.md
├── ISSUE_TEMPLATE.md
├── PULL_REQUEST_TEMPLATE.md
├── labeler.yml
├── release.yml
└── workflows
│ ├── ci.yml
│ ├── labeler.yml
│ ├── prepare_release.yml
│ └── release.yml
├── .gitignore
├── .msync.yml
├── .overcommit.yml
├── .pmtignore
├── .puppet-lint.rc
├── .rubocop.yml
├── .sync.yml
├── CHANGELOG.md
├── CONTRIBUTORS
├── Gemfile
├── HISTORY.md
├── LICENSE
├── README.md
├── REFERENCE.md
├── Rakefile
├── data
├── Archlinux.yaml
├── Debian.yaml
├── Debian
│ └── 20.04.yaml
├── Gentoo.yaml
├── RedHat.yaml
├── RedHat
│ └── 9.yaml
└── Suse.yaml
├── examples
└── init.pp
├── functions
└── server_array_to_hash.pp
├── hiera.yaml
├── manifests
├── config.pp
├── init.pp
├── install.pp
└── service.pp
├── metadata.json
├── spec
├── acceptance
│ └── class_spec.rb
├── classes
│ └── chrony_spec.rb
├── setup_acceptance_node.pp
├── spec_helper.rb
├── spec_helper_acceptance.rb
└── type_aliases
│ └── servers_spec.rb
├── templates
├── chrony.conf.epp
└── chrony.keys.epp
└── types
└── servers.pp
/.editorconfig:
--------------------------------------------------------------------------------
1 | # editorconfig.org
2 |
3 | # Managed by modulesync - DO NOT EDIT
4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
5 |
6 | root = true
7 |
8 | [*]
9 | charset = utf-8
10 | end_of_line = lf
11 | indent_size = 2
12 | tab_width = 2
13 | indent_style = space
14 | insert_final_newline = true
15 | trim_trailing_whitespace = true
16 |
--------------------------------------------------------------------------------
/.fixtures.yml:
--------------------------------------------------------------------------------
1 | ---
2 | fixtures:
3 | repositories:
4 | stdlib: https://github.com/puppetlabs/puppetlabs-stdlib.git
5 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | *.rb eol=lf
2 | *.erb eol=lf
3 | *.pp eol=lf
4 | *.sh eol=lf
5 | *.epp eol=lf
6 |
--------------------------------------------------------------------------------
/.github/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contribution guidelines
2 |
3 | ## Table of contents
4 |
5 | * [Contributing](#contributing)
6 | * [Writing proper commits - short version](#writing-proper-commits-short-version)
7 | * [Writing proper commits - long version](#writing-proper-commits-long-version)
8 | * [Dependencies](#dependencies)
9 | * [Note for OS X users](#note-for-os-x-users)
10 | * [The test matrix](#the-test-matrix)
11 | * [Syntax and style](#syntax-and-style)
12 | * [Running the unit tests](#running-the-unit-tests)
13 | * [Unit tests in docker](#unit-tests-in-docker)
14 | * [Integration tests](#integration-tests)
15 |
16 | This module has grown over time based on a range of contributions from
17 | people using it. If you follow these contributing guidelines your patch
18 | will likely make it into a release a little more quickly.
19 |
20 | ## Contributing
21 |
22 | Please note that this project is released with a Contributor Code of Conduct.
23 | By participating in this project you agree to abide by its terms.
24 | [Contributor Code of Conduct](https://voxpupuli.org/coc/).
25 |
26 | * Fork the repo.
27 | * Create a separate branch for your change.
28 | * We only take pull requests with passing tests, and documentation. [GitHub Actions](https://docs.github.com/en/actions) run the tests for us. You can also execute them locally. This is explained [in a later section](#the-test-matrix).
29 | * Checkout [our docs](https://voxpupuli.org/docs/reviewing_pr/) we use to review a module and the [official styleguide](https://puppet.com/docs/puppet/6.0/style_guide.html). They provide some guidance for new code that might help you before you submit a pull request.
30 | * Add a test for your change. Only refactoring and documentation changes require no new tests. If you are adding functionality or fixing a bug, please add a test.
31 | * Squash your commits down into logical components. Make sure to rebase against our current master.
32 | * Push the branch to your fork and submit a pull request.
33 |
34 | Please be prepared to repeat some of these steps as our contributors review your code.
35 |
36 | Also consider sending in your profile code that calls this component module as an acceptance test or provide it via an issue. This helps reviewers a lot to test your use case and prevents future regressions!
37 |
38 | ## Writing proper commits - short version
39 |
40 | * Make commits of logical units.
41 | * Check for unnecessary whitespace with "git diff --check" before committing.
42 | * Commit using Unix line endings (check the settings around "crlf" in git-config(1)).
43 | * Do not check in commented out code or unneeded files.
44 | * The first line of the commit message should be a short description (50 characters is the soft limit, excluding ticket number(s)), and should skip the full stop.
45 | * Associate the issue in the message. The first line should include the issue number in the form "(#XXXX) Rest of message".
46 | * The body should provide a meaningful commit message, which:
47 | *uses the imperative, present tense: `change`, not `changed` or `changes`.
48 | * includes motivation for the change, and contrasts its implementation with the previous behavior.
49 | * Make sure that you have tests for the bug you are fixing, or feature you are adding.
50 | * Make sure the test suites passes after your commit:
51 | * When introducing a new feature, make sure it is properly documented in the README.md
52 |
53 | ## Writing proper commits - long version
54 |
55 | 1. Make separate commits for logically separate changes.
56 |
57 | Please break your commits down into logically consistent units
58 | which include new or changed tests relevant to the rest of the
59 | change. The goal of doing this is to make the diff easier to
60 | read for whoever is reviewing your code. In general, the easier
61 | your diff is to read, the more likely someone will be happy to
62 | review it and get it into the code base.
63 |
64 | If you are going to refactor a piece of code, please do so as a
65 | separate commit from your feature or bug fix changes.
66 |
67 | We also really appreciate changes that include tests to make
68 | sure the bug is not re-introduced, and that the feature is not
69 | accidentally broken.
70 |
71 | Describe the technical detail of the change(s). If your
72 | description starts to get too long, that is a good sign that you
73 | probably need to split up your commit into more finely grained
74 | pieces.
75 |
76 | Commits which plainly describe the things which help
77 | reviewers check the patch and future developers understand the
78 | code are much more likely to be merged in with a minimum of
79 | bike-shedding or requested changes. Ideally, the commit message
80 | would include information, and be in a form suitable for
81 | inclusion in the release notes for the version of Puppet that
82 | includes them.
83 |
84 | Please also check that you are not introducing any trailing
85 | whitespace or other "whitespace errors". You can do this by
86 | running "git diff --check" on your changes before you commit.
87 |
88 | 2. Sending your patches
89 |
90 | To submit your changes via a GitHub pull request, we _highly_
91 | recommend that you have them on a topic branch, instead of
92 | directly on `master`.
93 | It makes things much easier to keep track of, especially if
94 | you decide to work on another thing before your first change
95 | is merged in.
96 |
97 | GitHub has some pretty good
98 | [general documentation](http://help.github.com/) on using
99 | their site. They also have documentation on
100 | [creating pull requests](http://help.github.com/send-pull-requests/).
101 |
102 | In general, after pushing your topic branch up to your
103 | repository on GitHub, you can switch to the branch in the
104 | GitHub UI and click "Pull Request" towards the top of the page
105 | in order to open a pull request.
106 |
107 |
108 | 3. Update the related GitHub issue.
109 |
110 | If there is a GitHub issue associated with the change you
111 | submitted, then you should update the ticket to include the
112 | location of your branch, along with any other commentary you
113 | may wish to make.
114 |
115 | ## Dependencies
116 |
117 | The testing and development tools have a bunch of dependencies,
118 | all managed by [bundler](http://bundler.io/) according to the
119 | [Puppet support matrix](http://docs.puppetlabs.com/guides/platforms.html#ruby-versions).
120 |
121 | By default the tests use a baseline version of Puppet.
122 |
123 | If you have Ruby 2.x or want a specific version of Puppet,
124 | you must set an environment variable such as:
125 |
126 | ```sh
127 | export PUPPET_GEM_VERSION="~> 6.1.0"
128 | ```
129 |
130 | You can install all needed gems for spec tests into the modules directory by
131 | running:
132 |
133 | ```sh
134 | bundle config set --local path '.vendor/'
135 | bundle config set --local without 'development system_tests release'
136 | bundle install --jobs "$(nproc)"
137 | ```
138 |
139 | If you also want to run acceptance tests:
140 |
141 | ```sh
142 | bundle config set --local path '.vendor/'
143 | bundle config set --local without 'development release'
144 | bundle config set --local with 'system_tests'
145 | bundle install --jobs "$(nproc)"
146 | ```
147 |
148 | Our all in one solution if you don't know if you need to install or update gems:
149 |
150 | ```sh
151 | bundle config set --local path '.vendor/'
152 | bundle config set --local without 'development release'
153 | bundle config set --local with 'system_tests'
154 | bundle install --jobs "$(nproc)"
155 | bundle update
156 | bundle clean
157 | ```
158 |
159 | As an alternative to the `--jobs "$(nproc)` parameter, you can set an
160 | environment variable:
161 |
162 | ```sh
163 | BUNDLE_JOBS="$(nproc)"
164 | ```
165 |
166 | ### Note for OS X users
167 |
168 | `nproc` isn't a valid command under OS x. As an alternative, you can do:
169 |
170 | ```sh
171 | --jobs "$(sysctl -n hw.ncpu)"
172 | ```
173 |
174 | ## The test matrix
175 |
176 | ### Syntax and style
177 |
178 | The test suite will run [Puppet Lint](http://puppet-lint.com/) and
179 | [Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to
180 | check various syntax and style things. You can run these locally with:
181 |
182 | ```sh
183 | bundle exec rake lint
184 | bundle exec rake validate
185 | ```
186 |
187 | It will also run some [Rubocop](http://batsov.com/rubocop/) tests
188 | against it. You can run those locally ahead of time with:
189 |
190 | ```sh
191 | bundle exec rake rubocop
192 | ```
193 |
194 | ### Running the unit tests
195 |
196 | The unit test suite covers most of the code, as mentioned above please
197 | add tests if you're adding new functionality. If you've not used
198 | [rspec-puppet](http://rspec-puppet.com/) before then feel free to ask
199 | about how best to test your new feature.
200 |
201 | To run the linter, the syntax checker and the unit tests:
202 |
203 | ```sh
204 | bundle exec rake test
205 | ```
206 |
207 | To run your all the unit tests
208 |
209 | ```sh
210 | bundle exec rake spec
211 | ```
212 |
213 | To run a specific spec test set the `SPEC` variable:
214 |
215 | ```sh
216 | bundle exec rake spec SPEC=spec/foo_spec.rb
217 | ```
218 |
219 | #### Unit tests in docker
220 |
221 | Some people don't want to run the dependencies locally or don't want to install
222 | ruby. We ship a Dockerfile that enables you to run all unit tests and linting.
223 | You only need to run:
224 |
225 | ```sh
226 | docker build .
227 | ```
228 |
229 | Please ensure that a docker daemon is running and that your user has the
230 | permission to talk to it. You can specify a remote docker host by setting the
231 | `DOCKER_HOST` environment variable. it will copy the content of the module into
232 | the docker image. So it will not work if a Gemfile.lock exists.
233 |
234 | ### Integration tests
235 |
236 | The unit tests just check the code runs, not that it does exactly what
237 | we want on a real machine. For that we're using
238 | [beaker](https://github.com/puppetlabs/beaker).
239 |
240 | This fires up a new virtual machine (using vagrant) and runs a series of
241 | simple tests against it after applying the module. You can run this
242 | with:
243 |
244 | ```sh
245 | BEAKER_PUPPET_COLLECTION=puppet7 BEAKER_setfile=debian11-64 bundle exec rake beaker
246 | ```
247 |
248 | or
249 |
250 | ```sh
251 | BEAKER_PUPPET_COLLECTION=none BEAKER_setfile=archlinux-64 bundle exec rake beaker
252 | ```
253 |
254 | This latter example will use the distribution's own version of Puppet.
255 |
256 | You can replace the string `debian11` with any common operating system.
257 | The following strings are known to work:
258 |
259 | * ubuntu2004
260 | * ubuntu2204
261 | * debian11
262 | * debian12
263 | * centos9
264 | * archlinux
265 | * almalinux8
266 | * almalinux9
267 | * fedora36
268 |
269 | For more information and tips & tricks, see [voxpupuli-acceptance's documentation](https://github.com/voxpupuli/voxpupuli-acceptance#running-tests).
270 |
271 | The source of this file is in our [modulesync_config](https://github.com/voxpupuli/modulesync_config/blob/master/moduleroot/.github/CONTRIBUTING.md.erb)
272 | repository.
273 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
1 |
10 |
11 | ## Affected Puppet, Ruby, OS and module versions/distributions
12 |
13 | - Puppet:
14 | - Ruby:
15 | - Distribution:
16 | - Module version:
17 |
18 | ## How to reproduce (e.g Puppet code you use)
19 |
20 | ## What are you seeing
21 |
22 | ## What behaviour did you expect instead
23 |
24 | ## Output log
25 |
26 | ## Any additional information you'd like to impart
27 |
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 |
9 | #### Pull Request (PR) description
10 |
13 |
14 | #### This Pull Request (PR) fixes the following issues
15 |
21 |
--------------------------------------------------------------------------------
/.github/labeler.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Managed by modulesync - DO NOT EDIT
3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
4 |
5 | skip-changelog:
6 | - head-branch: ['^release-*', 'release']
7 |
--------------------------------------------------------------------------------
/.github/release.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Managed by modulesync - DO NOT EDIT
3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
4 |
5 | # https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
6 |
7 | changelog:
8 | exclude:
9 | labels:
10 | - duplicate
11 | - invalid
12 | - modulesync
13 | - question
14 | - skip-changelog
15 | - wont-fix
16 | - wontfix
17 |
18 | categories:
19 | - title: Breaking Changes 🛠
20 | labels:
21 | - backwards-incompatible
22 |
23 | - title: New Features 🎉
24 | labels:
25 | - enhancement
26 |
27 | - title: Bug Fixes 🐛
28 | labels:
29 | - bug
30 |
31 | - title: Documentation Updates 📚
32 | labels:
33 | - documentation
34 | - docs
35 |
36 | - title: Dependency Updates ⬆️
37 | labels:
38 | - dependencies
39 |
40 | - title: Other Changes
41 | labels:
42 | - "*"
43 |
--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Managed by modulesync - DO NOT EDIT
3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
4 |
5 | name: CI
6 |
7 | # yamllint disable-line rule:truthy
8 | on:
9 | pull_request: {}
10 | push:
11 | branches:
12 | - main
13 | - master
14 |
15 | concurrency:
16 | group: ${{ github.ref_name }}
17 | cancel-in-progress: true
18 |
19 | jobs:
20 | puppet:
21 | name: Puppet
22 | uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v3
23 |
--------------------------------------------------------------------------------
/.github/workflows/labeler.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Managed by modulesync - DO NOT EDIT
3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
4 |
5 | name: "Pull Request Labeler"
6 |
7 | # yamllint disable-line rule:truthy
8 | on:
9 | pull_request_target: {}
10 |
11 | jobs:
12 | labeler:
13 | permissions:
14 | contents: read
15 | pull-requests: write
16 | runs-on: ubuntu-latest
17 | steps:
18 | - uses: actions/labeler@v5
19 |
--------------------------------------------------------------------------------
/.github/workflows/prepare_release.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Managed by modulesync - DO NOT EDIT
3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
4 |
5 | name: 'Prepare Release'
6 |
7 | on:
8 | workflow_dispatch:
9 | inputs:
10 | version:
11 | description: 'Module version to be released. Must be a valid semver string without leading v. (1.2.3)'
12 | required: false
13 |
14 | jobs:
15 | release_prep:
16 | uses: 'voxpupuli/gha-puppet/.github/workflows/prepare_release.yml@v3'
17 | with:
18 | version: ${{ github.event.inputs.version }}
19 | allowed_owner: 'voxpupuli'
20 | secrets:
21 | # Configure secrets here:
22 | # https://docs.github.com/en/actions/security-guides/encrypted-secrets
23 | github_pat: '${{ secrets.PCCI_PAT_RELEASE_PREP }}'
24 |
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Managed by modulesync - DO NOT EDIT
3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
4 |
5 | name: Release
6 |
7 | # yamllint disable-line rule:truthy
8 | on:
9 | push:
10 | tags:
11 | - '*'
12 |
13 | jobs:
14 | release:
15 | name: Release
16 | uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v3
17 | with:
18 | allowed_owner: 'voxpupuli'
19 | secrets:
20 | # Configure secrets here:
21 | # https://docs.github.com/en/actions/security-guides/encrypted-secrets
22 | username: ${{ secrets.PUPPET_FORGE_USERNAME }}
23 | api_key: ${{ secrets.PUPPET_FORGE_API_KEY }}
24 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Managed by modulesync - DO NOT EDIT
2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
3 |
4 | /pkg/
5 | /Gemfile.lock
6 | /Gemfile.local
7 | /vendor/
8 | /.vendor/
9 | /spec/fixtures/manifests/
10 | /spec/fixtures/modules/
11 | /.vagrant/
12 | /.bundle/
13 | /.ruby-version
14 | /coverage/
15 | /log/
16 | /.idea/
17 | /.dependencies/
18 | /.librarian/
19 | /Puppetfile.lock
20 | *.iml
21 | .*.sw?
22 | /.yardoc/
23 | /Guardfile
24 | bolt-debug.log
25 | .rerun.json
26 |
--------------------------------------------------------------------------------
/.msync.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Managed by modulesync - DO NOT EDIT
3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
4 |
5 | modulesync_config_version: '9.7.0'
6 |
--------------------------------------------------------------------------------
/.overcommit.yml:
--------------------------------------------------------------------------------
1 | # Managed by modulesync - DO NOT EDIT
2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
3 | #
4 | # Hooks are only enabled if you take action.
5 | #
6 | # To enable the hooks run:
7 | #
8 | # ```
9 | # bundle exec overcommit --install
10 | # # ensure .overcommit.yml does not harm to you and then
11 | # bundle exec overcommit --sign
12 | # ```
13 | #
14 | # (it will manage the .git/hooks directory):
15 | #
16 | # Examples howto skip a test for a commit or push:
17 | #
18 | # ```
19 | # SKIP=RuboCop git commit
20 | # SKIP=PuppetLint git commit
21 | # SKIP=RakeTask git push
22 | # ```
23 | #
24 | # Don't invoke overcommit at all:
25 | #
26 | # ```
27 | # OVERCOMMIT_DISABLE=1 git commit
28 | # ```
29 | #
30 | # Read more about overcommit: https://github.com/brigade/overcommit
31 | #
32 | # To manage this config yourself in your module add
33 | #
34 | # ```
35 | # .overcommit.yml:
36 | # unmanaged: true
37 | # ```
38 | #
39 | # to your modules .sync.yml config
40 | ---
41 | PreCommit:
42 | RuboCop:
43 | enabled: true
44 | description: 'Runs rubocop on modified files only'
45 | command: ['bundle', 'exec', 'rubocop']
46 | RakeTarget:
47 | enabled: true
48 | description: 'Runs lint on modified files only'
49 | targets:
50 | - 'lint'
51 | command: ['bundle', 'exec', 'rake']
52 | YamlSyntax:
53 | enabled: true
54 | JsonSyntax:
55 | enabled: true
56 | TrailingWhitespace:
57 | enabled: true
58 |
59 | PrePush:
60 | RakeTarget:
61 | enabled: true
62 | description: 'Run rake targets'
63 | targets:
64 | - 'validate'
65 | - 'test'
66 | - 'rubocop'
67 | command: ['bundle', 'exec', 'rake']
68 |
--------------------------------------------------------------------------------
/.pmtignore:
--------------------------------------------------------------------------------
1 | # Managed by modulesync - DO NOT EDIT
2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
3 |
4 | /docs/
5 | /pkg/
6 | /Gemfile
7 | /Gemfile.lock
8 | /Gemfile.local
9 | /vendor/
10 | /.vendor/
11 | /spec/
12 | /Rakefile
13 | /.vagrant/
14 | /.bundle/
15 | /.ruby-version
16 | /coverage/
17 | /log/
18 | /.idea/
19 | /.dependencies/
20 | /.github/
21 | /.librarian/
22 | /Puppetfile.lock
23 | /Puppetfile
24 | *.iml
25 | /.editorconfig
26 | /.fixtures.yml
27 | /.gitignore
28 | /.msync.yml
29 | /.overcommit.yml
30 | /.pmtignore
31 | /.rspec
32 | /.rspec_parallel
33 | /.rubocop.yml
34 | /.sync.yml
35 | .*.sw?
36 | /.yardoc/
37 | /.yardopts
38 | /Dockerfile
39 | /HISTORY.md
40 |
--------------------------------------------------------------------------------
/.puppet-lint.rc:
--------------------------------------------------------------------------------
1 | # Managed by modulesync - DO NOT EDIT
2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
3 |
4 | --fail-on-warnings
5 |
--------------------------------------------------------------------------------
/.rubocop.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Managed by modulesync - DO NOT EDIT
3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
4 |
5 | inherit_gem:
6 | voxpupuli-test: rubocop.yml
7 |
--------------------------------------------------------------------------------
/.sync.yml:
--------------------------------------------------------------------------------
1 | ---
2 | .puppet-lint.rc:
3 | enabled_lint_checks:
4 | - parameter_documentation
5 | - parameter_types
6 | spec/spec_helper.rb:
7 | mock_with: ':rspec'
8 | spec/spec_helper_acceptance.rb:
9 | unmanaged: false
10 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 |
3 | All notable changes to this project will be documented in this file.
4 | Each new release typically also includes the latest modulesync defaults.
5 | These should not affect the functionality of the module.
6 |
7 | ## [v4.0.0](https://github.com/voxpupuli/puppet-chrony/tree/v4.0.0) (2025-04-04)
8 |
9 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v3.0.0...v4.0.0)
10 |
11 | **Breaking changes:**
12 |
13 | - Drop EoL Debian 10 support [\#206](https://github.com/voxpupuli/puppet-chrony/pull/206) ([bastelfreak](https://github.com/bastelfreak))
14 | - Drop support for EL7 [\#201](https://github.com/voxpupuli/puppet-chrony/pull/201) ([jhoblitt](https://github.com/jhoblitt))
15 | - Drop EoL Ubuntu 18.04 [\#134](https://github.com/voxpupuli/puppet-chrony/pull/134) ([kenyon](https://github.com/kenyon))
16 |
17 | **Implemented enhancements:**
18 |
19 | - metadata.json: Add OpenVox [\#204](https://github.com/voxpupuli/puppet-chrony/pull/204) ([jstraw](https://github.com/jstraw))
20 | - Add support for AlmaLinux & Rocky 8 & 9 [\#202](https://github.com/voxpupuli/puppet-chrony/pull/202) ([jhoblitt](https://github.com/jhoblitt))
21 | - Add 'orphan' mode flag. [\#192](https://github.com/voxpupuli/puppet-chrony/pull/192) ([benjunmun](https://github.com/benjunmun))
22 | - Add OracleLinux 8 & 9 support [\#187](https://github.com/voxpupuli/puppet-chrony/pull/187) ([bastelfreak](https://github.com/bastelfreak))
23 | - Add CentOS 9 support [\#186](https://github.com/voxpupuli/puppet-chrony/pull/186) ([bastelfreak](https://github.com/bastelfreak))
24 | - Add Debian 11 & 12 support [\#185](https://github.com/voxpupuli/puppet-chrony/pull/185) ([bastelfreak](https://github.com/bastelfreak))
25 | - Add Ubuntu 22.04 & 24.04 support [\#184](https://github.com/voxpupuli/puppet-chrony/pull/184) ([bastelfreak](https://github.com/bastelfreak))
26 |
27 | **Merged pull requests:**
28 |
29 | - Eliminate Workaround for Sensitive [\#196](https://github.com/voxpupuli/puppet-chrony/pull/196) ([cocker-cc](https://github.com/cocker-cc))
30 | - Drop pidfile\_workaround from Beaker testing [\#181](https://github.com/voxpupuli/puppet-chrony/pull/181) ([ekohl](https://github.com/ekohl))
31 |
32 | ## [v3.0.0](https://github.com/voxpupuli/puppet-chrony/tree/v3.0.0) (2023-06-22)
33 |
34 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v2.6.0...v3.0.0)
35 |
36 | **Breaking changes:**
37 |
38 | - Drop EoL Debian 9 [\#173](https://github.com/voxpupuli/puppet-chrony/pull/173) ([traylenator](https://github.com/traylenator))
39 | - Drop Puppet 6 support [\#170](https://github.com/voxpupuli/puppet-chrony/pull/170) ([bastelfreak](https://github.com/bastelfreak))
40 |
41 | **Implemented enhancements:**
42 |
43 | - puppetlabs/stdlib: Allow 9.x [\#175](https://github.com/voxpupuli/puppet-chrony/pull/175) ([bastelfreak](https://github.com/bastelfreak))
44 | - Add puppet 8 support [\#174](https://github.com/voxpupuli/puppet-chrony/pull/174) ([bastelfreak](https://github.com/bastelfreak))
45 | - add RHEL 9 to supported OS [\#168](https://github.com/voxpupuli/puppet-chrony/pull/168) ([tuxmea](https://github.com/tuxmea))
46 |
47 | **Fixed bugs:**
48 |
49 | - init: queryhosts and denyqueryhosts should accept empty strings [\#163](https://github.com/voxpupuli/puppet-chrony/pull/163) ([kenyon](https://github.com/kenyon))
50 |
51 | **Merged pull requests:**
52 |
53 | - chrony\_spec: remove redundant code [\#164](https://github.com/voxpupuli/puppet-chrony/pull/164) ([kenyon](https://github.com/kenyon))
54 |
55 | ## [v2.6.0](https://github.com/voxpupuli/puppet-chrony/tree/v2.6.0) (2022-11-16)
56 |
57 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v2.5.0...v2.6.0)
58 |
59 | **Implemented enhancements:**
60 |
61 | - allow logchange to be a float with an arbitrary range [\#161](https://github.com/voxpupuli/puppet-chrony/pull/161) ([jhoblitt](https://github.com/jhoblitt))
62 |
63 | ## [v2.5.0](https://github.com/voxpupuli/puppet-chrony/tree/v2.5.0) (2022-08-11)
64 |
65 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v2.4.1...v2.5.0)
66 |
67 | **Implemented enhancements:**
68 |
69 | - make config\_keys option optional [\#156](https://github.com/voxpupuli/puppet-chrony/pull/156) ([bastelfreak](https://github.com/bastelfreak))
70 |
71 | ## [v2.4.1](https://github.com/voxpupuli/puppet-chrony/tree/v2.4.1) (2022-08-02)
72 |
73 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v2.4.0...v2.4.1)
74 |
75 | **Implemented enhancements:**
76 |
77 | - Add more config settings and prep EL9 support [\#151](https://github.com/voxpupuli/puppet-chrony/pull/151) ([jcpunk](https://github.com/jcpunk))
78 | - Allow the password to be a Sensitive string. [\#150](https://github.com/voxpupuli/puppet-chrony/pull/150) ([jcpunk](https://github.com/jcpunk))
79 |
80 | **Merged pull requests:**
81 |
82 | - Identify the chrony files as being managed by puppet. [\#153](https://github.com/voxpupuli/puppet-chrony/pull/153) ([bschonec](https://github.com/bschonec))
83 |
84 | ## [v2.4.0](https://github.com/voxpupuli/puppet-chrony/tree/v2.4.0) (2022-04-19)
85 |
86 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v2.3.0...v2.4.0)
87 |
88 | **Implemented enhancements:**
89 |
90 | - Add `sched_priority` and `logbanner` options. [\#148](https://github.com/voxpupuli/puppet-chrony/pull/148) ([jcpunk](https://github.com/jcpunk))
91 |
92 | **Merged pull requests:**
93 |
94 | - Update github URLs to remove unauthenticated git [\#147](https://github.com/voxpupuli/puppet-chrony/pull/147) ([gcoxmoz](https://github.com/gcoxmoz))
95 |
96 | ## [v2.3.0](https://github.com/voxpupuli/puppet-chrony/tree/v2.3.0) (2022-03-20)
97 |
98 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v2.2.0...v2.3.0)
99 |
100 | **Implemented enhancements:**
101 |
102 | - Add support for several NTS settings. [\#145](https://github.com/voxpupuli/puppet-chrony/pull/145) ([Heidistein](https://github.com/Heidistein))
103 | - Add confdir \(chrony.cond.d\) support [\#144](https://github.com/voxpupuli/puppet-chrony/pull/144) ([Heidistein](https://github.com/Heidistein))
104 | - Add support for ntpsigndsocket [\#139](https://github.com/voxpupuli/puppet-chrony/pull/139) ([ipoddubny](https://github.com/ipoddubny))
105 |
106 | **Closed issues:**
107 |
108 | - ntpdsigndsocket option missing [\#107](https://github.com/voxpupuli/puppet-chrony/issues/107)
109 | - Are we creating a invalid keyfile? [\#91](https://github.com/voxpupuli/puppet-chrony/issues/91)
110 |
111 | ## [v2.2.0](https://github.com/voxpupuli/puppet-chrony/tree/v2.2.0) (2022-03-07)
112 |
113 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v2.1.0...v2.2.0)
114 |
115 | **Implemented enhancements:**
116 |
117 | - remove params.pp, use hiera data instead [\#135](https://github.com/voxpupuli/puppet-chrony/pull/135) ([kenyon](https://github.com/kenyon))
118 |
119 | **Fixed bugs:**
120 |
121 | - Arch Linux: also manage chrony-wait.service [\#141](https://github.com/voxpupuli/puppet-chrony/pull/141) ([bastelfreak](https://github.com/bastelfreak))
122 |
123 | ## [v2.1.0](https://github.com/voxpupuli/puppet-chrony/tree/v2.1.0) (2021-11-23)
124 |
125 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v2.0.0...v2.1.0)
126 |
127 | **Implemented enhancements:**
128 |
129 | - Manage chrony-wait.service on RedHat and Suse [\#127](https://github.com/voxpupuli/puppet-chrony/pull/127) ([traylenator](https://github.com/traylenator))
130 | - Add Ubuntu support [\#125](https://github.com/voxpupuli/puppet-chrony/pull/125) ([kenyon](https://github.com/kenyon))
131 | - Add support for maxdistance [\#122](https://github.com/voxpupuli/puppet-chrony/pull/122) ([hoffie](https://github.com/hoffie))
132 |
133 | **Fixed bugs:**
134 |
135 | - Actually test services are running [\#128](https://github.com/voxpupuli/puppet-chrony/pull/128) ([traylenator](https://github.com/traylenator))
136 |
137 | **Merged pull requests:**
138 |
139 | - Allow stdlib 8.0.0 [\#126](https://github.com/voxpupuli/puppet-chrony/pull/126) ([smortex](https://github.com/smortex))
140 | - Avoid duplicating variables [\#123](https://github.com/voxpupuli/puppet-chrony/pull/123) ([smortex](https://github.com/smortex))
141 |
142 | ## [v2.0.0](https://github.com/voxpupuli/puppet-chrony/tree/v2.0.0) (2021-07-08)
143 |
144 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v1.0.0...v2.0.0)
145 |
146 | **Breaking changes:**
147 |
148 | - Drop EoL Puppet 5 support; Add Puppet 7 [\#117](https://github.com/voxpupuli/puppet-chrony/pull/117) ([smortex](https://github.com/smortex))
149 |
150 | **Implemented enhancements:**
151 |
152 | - Add initstepslew [\#116](https://github.com/voxpupuli/puppet-chrony/pull/116) ([jasonknudsen](https://github.com/jasonknudsen))
153 | - Allow users to not set local stratum [\#113](https://github.com/voxpupuli/puppet-chrony/pull/113) ([unixsurfer](https://github.com/unixsurfer))
154 | - Add support for maxupdateskew [\#112](https://github.com/voxpupuli/puppet-chrony/pull/112) ([unixsurfer](https://github.com/unixsurfer))
155 | - add bindaddress option [\#110](https://github.com/voxpupuli/puppet-chrony/pull/110) ([jhunt-steds](https://github.com/jhunt-steds))
156 |
157 | **Fixed bugs:**
158 |
159 | - Fix CI on CentOS [\#114](https://github.com/voxpupuli/puppet-chrony/pull/114) ([smortex](https://github.com/smortex))
160 |
161 | **Closed issues:**
162 |
163 | - Make a new release [\#115](https://github.com/voxpupuli/puppet-chrony/issues/115)
164 |
165 | **Merged pull requests:**
166 |
167 | - Allow stdlib version 7.x [\#119](https://github.com/voxpupuli/puppet-chrony/pull/119) ([smortex](https://github.com/smortex))
168 | - Add support for Debian 10 [\#118](https://github.com/voxpupuli/puppet-chrony/pull/118) ([smortex](https://github.com/smortex))
169 | - Drop text pointing to previous repo/version [\#108](https://github.com/voxpupuli/puppet-chrony/pull/108) ([jcpunk](https://github.com/jcpunk))
170 |
171 | ## [v1.0.0](https://github.com/voxpupuli/puppet-chrony/tree/v1.0.0) (2021-01-05)
172 |
173 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v0.4.0...v1.0.0)
174 |
175 | **Breaking changes:**
176 |
177 | - Drop EoL Debian 8 support [\#105](https://github.com/voxpupuli/puppet-chrony/pull/105) ([bastelfreak](https://github.com/bastelfreak))
178 | - Drop Eol CentOS 6 support [\#104](https://github.com/voxpupuli/puppet-chrony/pull/104) ([bastelfreak](https://github.com/bastelfreak))
179 |
180 | **Fixed bugs:**
181 |
182 | - Restore behaviour of `servers` and `pools` parameters [\#103](https://github.com/voxpupuli/puppet-chrony/pull/103) ([alexjfisher](https://github.com/alexjfisher))
183 | - queryhosts: enforce Array\[String\] data type [\#101](https://github.com/voxpupuli/puppet-chrony/pull/101) ([kenyon](https://github.com/kenyon))
184 |
185 | **Merged pull requests:**
186 |
187 | - Fix tests to work with rspec-puppet 2.8.0 [\#93](https://github.com/voxpupuli/puppet-chrony/pull/93) ([alexjfisher](https://github.com/alexjfisher))
188 |
189 | ## [v0.4.0](https://github.com/voxpupuli/puppet-chrony/tree/v0.4.0) (2020-10-25)
190 |
191 | [Full Changelog](https://github.com/voxpupuli/puppet-chrony/compare/v0.3.2...v0.4.0)
192 |
193 | This is the first release of this module under [Vox Pupuli](https://voxpupuli.org/)'s [puppet](https://forge.puppet.com/puppet) namespace. It was migrated to Vox Pupuli from [oboe76/chrony](https://forge.puppet.com/oboe76/chrony).
194 |
195 | **Implemented enhancements:**
196 |
197 | - Add new `driftfile`, `hwtimestamps`, `rtcsync`, and `dumpdir` parameters [\#82](https://github.com/voxpupuli/puppet-chrony/pull/82) ([chrekh](https://github.com/chrekh))
198 | - Add support for Gentoo [\#80](https://github.com/voxpupuli/puppet-chrony/pull/80) ([chrekh](https://github.com/chrekh))
199 | - Support `rtconutc` option [\#68](https://github.com/voxpupuli/puppet-chrony/pull/68) ([Bluewind](https://github.com/Bluewind))
200 | - Add `leapsectz` option config option [\#65](https://github.com/voxpupuli/puppet-chrony/pull/65) ([adrienthebo](https://github.com/adrienthebo))
201 |
202 | **Fixed bugs:**
203 |
204 | - Fix Arch Linux configuration [\#77](https://github.com/voxpupuli/puppet-chrony/pull/77) ([0x6d617474](https://github.com/0x6d617474))
205 |
206 | **Closed issues:**
207 |
208 | - avoid changing configuration when adding optional parameters [\#64](https://github.com/voxpupuli/puppet-chrony/issues/64)
209 | - `peer` parameter doesn't do anything on ArchLinux [\#57](https://github.com/voxpupuli/puppet-chrony/issues/57)
210 |
211 | **Merged pull requests:**
212 |
213 | - Replace litmus with Beaker [\#98](https://github.com/voxpupuli/puppet-chrony/pull/98) ([alexjfisher](https://github.com/alexjfisher))
214 | - Remove unnecessary test on $service\_ensure [\#88](https://github.com/voxpupuli/puppet-chrony/pull/88) ([chrekh](https://github.com/chrekh))
215 | - Change occurrences of 'if !' to 'unless' where possible. [\#87](https://github.com/voxpupuli/puppet-chrony/pull/87) ([chrekh](https://github.com/chrekh))
216 | - Add tests for gentoo [\#86](https://github.com/voxpupuli/puppet-chrony/pull/86) ([chrekh](https://github.com/chrekh))
217 | - Fix wrong end-tag resulting in blank line. [\#85](https://github.com/voxpupuli/puppet-chrony/pull/85) ([chrekh](https://github.com/chrekh))
218 | - Fix documentation about parameter port. [\#84](https://github.com/voxpupuli/puppet-chrony/pull/84) ([chrekh](https://github.com/chrekh))
219 | - Convert template for chrony.keys from erb to epp [\#83](https://github.com/voxpupuli/puppet-chrony/pull/83) ([chrekh](https://github.com/chrekh))
220 | - Remove default value of 0 for $port and allow $port to be unset [\#81](https://github.com/voxpupuli/puppet-chrony/pull/81) ([chrekh](https://github.com/chrekh))
221 | - Consolidate templates and convert to epp\(\) [\#79](https://github.com/voxpupuli/puppet-chrony/pull/79) ([chrekh](https://github.com/chrekh))
222 | - Enhance parameter validation with more data types [\#63](https://github.com/voxpupuli/puppet-chrony/pull/63) ([alexjfisher](https://github.com/alexjfisher))
223 | - Move static defaults out of params.pp [\#61](https://github.com/voxpupuli/puppet-chrony/pull/61) ([alexjfisher](https://github.com/alexjfisher))
224 |
225 | ## [v0.3.2](https://forge.puppet.com/v3/files/aboe-chrony-0.3.2.tar.gz) (2020-01-14)
226 |
227 | **Merged pull requests:**
228 |
229 | - Remove 'Coverage status' badge [\#58|(https://github.com/aboe76/puppet-chrony/pull/58) ([alexjfisher](https://github.com/alexjfisher))
230 | - Use full Apache 2.0 License text and add badge [\#57|(https://github.com/aboe76/puppet-chrony/pull/57) ([alexjfisher](https://github.com/alexjfisher))
231 | - Use puppet-strings for reference docs [\#56|(https://github.com/aboe76/puppet-chrony/pull/56) ([alexjfisher](https://github.com/alexjfisher))
232 | - Add stratumweight parameter [\#55|(https://github.com/aboe76/puppet-chrony/pull/55) ([alexjfisher](https://github.com/alexjfisher))
233 | - Treat keys file content as Sensitive [\#54|(https://github.com/aboe76/puppet-chrony/pull/54) ([alexjfisher](https://github.com/alexjfisher))
234 | - Support custom package source and provider [\#53|(https://github.com/aboe76/puppet-chrony/pull/53) ([JannikJ](https://github.com/JannikJ))
235 | - Doc update [\#52|(https://github.com/aboe76/puppet-chrony/pull/52) ([przemas75](https://github.com/przemas75))
236 | - skew second [\#51|(https://github.com/aboe76/puppet-chrony/pull/51) ([przemas75](https://github.com/przemas75))
237 |
238 | ## [v0.3.1](https://forge.puppet.com/v3/files/aboe-chrony-0.3.1.tar.gz) (2019-10-12)
239 |
240 | **Merged pull requests:**
241 |
242 | - cmdport parameter [\#50|(https://github.com/aboe76/puppet-chrony/pull/50) ([przemas75](https://github.com/przemas75))
243 |
244 | ## [v0.3.0](https://forge.puppet.com/v3/files/aboe-chrony-0.3.0.tar.gz) (2019-08-05)
245 |
246 | **Merged pull requests:**
247 |
248 | - Confirmed RHEL 8 functionality [\#46|(https://github.com/aboe76/puppet-chrony/pull/46) ([stevekay](https://github.com/stevekay))
249 | - Add parameter $cmdacl (\#47|(https://github.com/aboe76/puppet-chrony/pull/47) ([nbarrientos](https://github.com/nbarrientos))
250 |
251 | ## [v0.2.6](https://forge.puppet.com/v3/files/aboe-chrony-0.2.6.tar.gz) (2019-08-02)
252 |
253 | **Merged pull requests:**
254 |
255 | - Allow configuring bindcmdaddress [\#45|(https://github.com/aboe76/puppet-chrony/pull/45) ([nbarrientos](https://github.com/nbarrientos))
256 | - remove dependency on puppetlabs-stdlib [\#42|(https://github.com/aboe76/puppet-chrony/pull/43) ([vchepkov](https://github.com/vchepkov))
257 | - Don't ignore port setting [\#40|(https://github.com/aboe76/puppet-chrony/pull/40) ([bzed](https://github.com/bzed))
258 |
259 |
260 | ## [v0.2.5](https://forge.puppet.com/v3/files/aboe-chrony-0.2.5.tar.gz) (2019-04-25)
261 |
262 | **Merged pull requests:**
263 |
264 | - Add support for pools [\#37|(https://github.com/aboe76/puppet-chrony/pull/37) ([giggsey](https://github.com/giggsey))
265 |
266 | ## [v0.2.4](https://forge.puppet.com/v3/files/aboe-chrony-0.2.4.tar.gz) (2019-01-07)
267 |
268 | **Merged pull requests:**
269 |
270 | - More complex support for refclock [\#36](https://github.com/aboe76/puppet-chrony/pull/36) ([jcpunk](https://github.com/jcpunk))
271 |
272 |
273 | ## [v0.2.3](https://forge.puppet.com/v3/files/aboe-chrony-0.2.3.tar.gz) (2018-10-05)
274 |
275 | **Merged pull requests:**
276 |
277 | - support for peers, variable local stratum, SUSE 12 [\#32](https://github.com/aboe76/puppet-chrony/pull/32) ([Warblefly](https://github.com/Warblefly))
278 |
279 | ## [v0.2.2](https://forge.puppet.com/v3/files/aboe-chrony-0.2.2.tar.gz) (2018-09-26)
280 |
281 | **Merged pull requests:**
282 |
283 | - add log_options for logging support [\#31](https://github.com/aboe76/puppet-chrony/pull/31) ([Warblefly](https://github.com/bastelfreak))
284 | - Add configuration of clientlog and clientloglimit. [\#30](https://github.com/aboe76/puppet-chrony/pull/30) ([olifre](https://github.com/olifre))
285 | - Implement "makestep" config parameter. [\#27](https://github.com/aboe76/puppet-chrony/pull/27) ([olifre](https://github.com/olifre))
286 | - add debian in readme tested os [\#26](https://github.com/aboe76/puppet-chrony/pull/26) ([othalla](https://github.com/othalla))
287 |
288 | ## [v0.2.1](https://forge.puppet.com/v3/files/aboe-chrony-0.2.1.tar.gz) (2018-05-26)
289 |
290 | **Merged pull requests:**
291 |
292 | - adding parameters [\#25](https://github.com/aboe76/puppet-chrony/pull/25) ([othalla](https://github.com/othalla))
293 | - fix titles in readme [\#24](https://github.com/aboe76/puppet-chrony/pull/24) ([othalla](https://github.com/othalla))
294 |
295 | ## [v0.2.0](https://forge.puppet.com/v3/files/aboe-chrony-0.2.0.tar.gz) (2018-05-12)
296 |
297 | **Merged pull requests:**
298 |
299 | - Adding Debian support [\#23](https://github.com/aboe76/puppet-chrony/pull/23) ([othalla](https://github.com/othalla))
300 | - Add OS support in Metadata & use contain instead of anchor [\#22](https://github.com/aboe76/puppet-chrony/pull/22) ([othalla](https://github.com/othalla))
301 | - improve CI & test with puppet 4/5 [\#21](https://github.com/aboe76/puppet-chrony/pull/21) ([othalla](https://github.com/othalla))
302 | - Add refclocks configuration parameter [\#17](https://github.com/aboe76/puppet-chrony/pull/17) ([islepnev](https://github.com/islepnev))
303 |
304 | ## [v0.1.2](https://forge.puppet.com/v3/files/aboe-chrony-0.1.2.tar.gz) (2017-10-31)
305 |
306 | **Merged pull requests:**
307 |
308 | - Removed unsupported options [\#15](https://github.com/aboe76/puppet-chrony/pull/15) ([4N7](https://github.com/4N7))
309 | - Remove unsupported options [\#14](https://github.com/aboe76/puppet-chrony/pull/14) ([4N7](https://github.com/4N7))
310 | - make sure we iterate predictable over the hash [\#11](https://github.com/aboe76/puppet-chrony/pull/11) ([duritong](https://github.com/duritong))
311 | - Make keys more configurable [\#10](https://github.com/aboe76/puppet-chrony/pull/10) ([roysjosh](https://github.com/roysjosh))
312 |
313 |
314 | ## [v0.1.1](https://forge.puppet.com/v3/files/aboe-chrony-0.1.1.tar.gz)(2016-03-11)
315 |
316 | - Allow chrony to create its own keys in chrony.keys
317 | - configure owner,group and mode of chrony keys file
318 | - test will run now
319 | - skip older ruby version in test
320 | - small fixes for travis
321 |
322 | ## [v0.1.0](https://forge.puppet.com/v3/files/aboe-chrony-0.1.0.tar.gz)(2015-03-08)
323 |
324 | - fix future parser
325 |
326 | ## [v0.0.9](https://forge.puppet.com/v3/files/aboe-chrony-0.0.9.tar.gz)(2014-10-19)
327 |
328 | - Secure default installation
329 | - fix travis
330 | - queryhost should be empty
331 | - basic set of tests running
332 |
333 | ## [v0.0.8](https://forge.puppet.com/v3/files/aboe-chrony-0.0.8.tar.gz)(2014-07-17)
334 |
335 | - Fix key params
336 | - chrony.keys not world readable
337 |
338 | ## [v0.0.7](https://forge.puppet.com/v3/files/aboe-chrony-0.0.7.tar.gz)(2014-06-09)
339 |
340 | - Fix path for config_key
341 | - Set Red Hat chrony params
342 | - Fix template Red Hat
343 |
344 |
345 | ## [v0.0.6](https://forge.puppet.com/v3/files/aboe-chrony-0.0.6.tar.gz)(2014-04-27)
346 |
347 | - Add Red Hat support
348 | - Add chrony params with queryhost
349 | - Fix build
350 |
351 | ## [v0.0.5](https://forge.puppet.com/v3/files/aboe-chrony-0.0.5.tar.gz)(2013-03-21)
352 |
353 | - Add license
354 |
355 | ## [v0.0.4](https://forge.puppet.com/v3/files/aboe-chrony-0.0.4.tar.gz)(2013-06-20)
356 |
357 | - Fix travis button and testing
358 |
359 |
360 | ## [v0.0.3](https://forge.puppet.com/v3/files/aboe-chrony-0.0.3.tar.gz)(2013-06-20)
361 |
362 | - Update Readme and spec test
363 |
364 | ## [v0.0.2](https://forge.puppet.com/v3/files/aboe-chrony-0.0.2.tar.gz)(2013-06-19)
365 |
366 | - Update module forge with more information
367 |
368 | ## [v0.0.1](https://forge.puppet.com/v3/files/aboe-chrony-0.0.1.tar.gz)(2013-06-19)
369 |
370 | - First release on forge
371 |
372 |
373 |
374 | \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
375 |
--------------------------------------------------------------------------------
/CONTRIBUTORS:
--------------------------------------------------------------------------------
1 | Niels Abspoel
2 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | # Managed by modulesync - DO NOT EDIT
2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
3 |
4 | source ENV['GEM_SOURCE'] || 'https://rubygems.org'
5 |
6 | group :test do
7 | gem 'voxpupuli-test', '~> 10.0', :require => false
8 | gem 'puppet_metadata', '~> 5.0', :require => false
9 | end
10 |
11 | group :development do
12 | gem 'guard-rake', :require => false
13 | gem 'overcommit', '>= 0.39.1', :require => false
14 | end
15 |
16 | group :system_tests do
17 | gem 'voxpupuli-acceptance', '~> 3.5', :require => false
18 | end
19 |
20 | group :release do
21 | gem 'voxpupuli-release', '~> 3.0', :require => false
22 | end
23 |
24 | gem 'rake', :require => false
25 | gem 'facter', ENV['FACTER_GEM_VERSION'], :require => false, :groups => [:test]
26 |
27 | puppetversion = ENV['PUPPET_GEM_VERSION'] || [">= 7.24", "< 9"]
28 | gem 'puppet', puppetversion, :require => false, :groups => [:test]
29 |
30 | # vim: syntax=ruby
31 |
--------------------------------------------------------------------------------
/HISTORY.md:
--------------------------------------------------------------------------------
1 | ## [v0.3.2](https://forge.puppet.com/v3/files/aboe-chrony-0.3.2.tar.gz) (2020-01-14)
2 |
3 | **Merged pull requests:**
4 |
5 | - Remove 'Coverage status' badge [\#58|(https://github.com/aboe76/puppet-chrony/pull/58) ([alexjfisher](https://github.com/alexjfisher))
6 | - Use full Apache 2.0 License text and add badge [\#57|(https://github.com/aboe76/puppet-chrony/pull/57) ([alexjfisher](https://github.com/alexjfisher))
7 | - Use puppet-strings for reference docs [\#56|(https://github.com/aboe76/puppet-chrony/pull/56) ([alexjfisher](https://github.com/alexjfisher))
8 | - Add stratumweight parameter [\#55|(https://github.com/aboe76/puppet-chrony/pull/55) ([alexjfisher](https://github.com/alexjfisher))
9 | - Treat keys file content as Sensitive [\#54|(https://github.com/aboe76/puppet-chrony/pull/54) ([alexjfisher](https://github.com/alexjfisher))
10 | - Support custom package source and provider [\#53|(https://github.com/aboe76/puppet-chrony/pull/53) ([JannikJ](https://github.com/JannikJ))
11 | - Doc update [\#52|(https://github.com/aboe76/puppet-chrony/pull/52) ([przemas75](https://github.com/przemas75))
12 | - skew second [\#51|(https://github.com/aboe76/puppet-chrony/pull/51) ([przemas75](https://github.com/przemas75))
13 |
14 | ## [v0.3.1](https://forge.puppet.com/v3/files/aboe-chrony-0.3.1.tar.gz) (2019-10-12)
15 |
16 | **Merged pull requests:**
17 |
18 | - cmdport parameter [\#50|(https://github.com/aboe76/puppet-chrony/pull/50) ([przemas75](https://github.com/przemas75))
19 |
20 | ## [v0.3.0](https://forge.puppet.com/v3/files/aboe-chrony-0.3.0.tar.gz) (2019-08-05)
21 |
22 | **Merged pull requests:**
23 |
24 | - Confirmed RHEL 8 functionality [\#46|(https://github.com/aboe76/puppet-chrony/pull/46) ([stevekay](https://github.com/stevekay))
25 | - Add parameter $cmdacl (\#47|(https://github.com/aboe76/puppet-chrony/pull/47) ([nbarrientos](https://github.com/nbarrientos))
26 |
27 | ## [v0.2.6](https://forge.puppet.com/v3/files/aboe-chrony-0.2.6.tar.gz) (2019-08-02)
28 |
29 | **Merged pull requests:**
30 |
31 | - Allow configuring bindcmdaddress [\#45|(https://github.com/aboe76/puppet-chrony/pull/45) ([nbarrientos](https://github.com/nbarrientos))
32 | - remove dependency on puppetlabs-stdlib [\#42|(https://github.com/aboe76/puppet-chrony/pull/43) ([vchepkov](https://github.com/vchepkov))
33 | - Don't ignore port setting [\#40|(https://github.com/aboe76/puppet-chrony/pull/40) ([bzed](https://github.com/bzed))
34 |
35 |
36 | ## [v0.2.5](https://forge.puppet.com/v3/files/aboe-chrony-0.2.5.tar.gz) (2019-04-25)
37 |
38 | **Merged pull requests:**
39 |
40 | - Add support for pools [\#37|(https://github.com/aboe76/puppet-chrony/pull/37) ([giggsey](https://github.com/giggsey))
41 |
42 | ## [v0.2.4](https://forge.puppet.com/v3/files/aboe-chrony-0.2.4.tar.gz) (2019-01-07)
43 |
44 | **Merged pull requests:**
45 |
46 | - More complex support for refclock [\#36](https://github.com/aboe76/puppet-chrony/pull/36) ([jcpunk](https://github.com/jcpunk))
47 |
48 |
49 | ## [v0.2.3](https://forge.puppet.com/v3/files/aboe-chrony-0.2.3.tar.gz) (2018-10-05)
50 |
51 | **Merged pull requests:**
52 |
53 | - support for peers, variable local stratum, SUSE 12 [\#32](https://github.com/aboe76/puppet-chrony/pull/32) ([Warblefly](https://github.com/Warblefly))
54 |
55 | ## [v0.2.2](https://forge.puppet.com/v3/files/aboe-chrony-0.2.2.tar.gz) (2018-09-26)
56 |
57 | **Merged pull requests:**
58 |
59 | - add log_options for logging support [\#31](https://github.com/aboe76/puppet-chrony/pull/31) ([Warblefly](https://github.com/bastelfreak))
60 | - Add configuration of clientlog and clientloglimit. [\#30](https://github.com/aboe76/puppet-chrony/pull/30) ([olifre](https://github.com/olifre))
61 | - Implement "makestep" config parameter. [\#27](https://github.com/aboe76/puppet-chrony/pull/27) ([olifre](https://github.com/olifre))
62 | - add debian in readme tested os [\#26](https://github.com/aboe76/puppet-chrony/pull/26) ([othalla](https://github.com/othalla))
63 |
64 | ## [v0.2.1](https://forge.puppet.com/v3/files/aboe-chrony-0.2.1.tar.gz) (2018-05-26)
65 |
66 | **Merged pull requests:**
67 |
68 | - adding parameters [\#25](https://github.com/aboe76/puppet-chrony/pull/25) ([othalla](https://github.com/othalla))
69 | - fix titles in readme [\#24](https://github.com/aboe76/puppet-chrony/pull/24) ([othalla](https://github.com/othalla))
70 |
71 | ## [v0.2.0](https://forge.puppet.com/v3/files/aboe-chrony-0.2.0.tar.gz) (2018-05-12)
72 |
73 | **Merged pull requests:**
74 |
75 | - Adding Debian support [\#23](https://github.com/aboe76/puppet-chrony/pull/23) ([othalla](https://github.com/othalla))
76 | - Add OS support in Metadata & use contain instead of anchor [\#22](https://github.com/aboe76/puppet-chrony/pull/22) ([othalla](https://github.com/othalla))
77 | - improve CI & test with puppet 4/5 [\#21](https://github.com/aboe76/puppet-chrony/pull/21) ([othalla](https://github.com/othalla))
78 | - Add refclocks configuration parameter [\#17](https://github.com/aboe76/puppet-chrony/pull/17) ([islepnev](https://github.com/islepnev))
79 |
80 | ## [v0.1.2](https://forge.puppet.com/v3/files/aboe-chrony-0.1.2.tar.gz) (2017-10-31)
81 |
82 | **Merged pull requests:**
83 |
84 | - Removed unsupported options [\#15](https://github.com/aboe76/puppet-chrony/pull/15) ([4N7](https://github.com/4N7))
85 | - Remove unsupported options [\#14](https://github.com/aboe76/puppet-chrony/pull/14) ([4N7](https://github.com/4N7))
86 | - make sure we iterate predictable over the hash [\#11](https://github.com/aboe76/puppet-chrony/pull/11) ([duritong](https://github.com/duritong))
87 | - Make keys more configurable [\#10](https://github.com/aboe76/puppet-chrony/pull/10) ([roysjosh](https://github.com/roysjosh))
88 |
89 |
90 | ## [v0.1.1](https://forge.puppet.com/v3/files/aboe-chrony-0.1.1.tar.gz)(2016-03-11)
91 |
92 | - Allow chrony to create its own keys in chrony.keys
93 | - configure owner,group and mode of chrony keys file
94 | - test will run now
95 | - skip older ruby version in test
96 | - small fixes for travis
97 |
98 | ## [v0.1.0](https://forge.puppet.com/v3/files/aboe-chrony-0.1.0.tar.gz)(2015-03-08)
99 |
100 | - fix future parser
101 |
102 | ## [v0.0.9](https://forge.puppet.com/v3/files/aboe-chrony-0.0.9.tar.gz)(2014-10-19)
103 |
104 | - Secure default installation
105 | - fix travis
106 | - queryhost should be empty
107 | - basic set of tests running
108 |
109 | ## [v0.0.8](https://forge.puppet.com/v3/files/aboe-chrony-0.0.8.tar.gz)(2014-07-17)
110 |
111 | - Fix key params
112 | - chrony.keys not world readable
113 |
114 | ## [v0.0.7](https://forge.puppet.com/v3/files/aboe-chrony-0.0.7.tar.gz)(2014-06-09)
115 |
116 | - Fix path for config_key
117 | - Set Red Hat chrony params
118 | - Fix template Red Hat
119 |
120 |
121 | ## [v0.0.6](https://forge.puppet.com/v3/files/aboe-chrony-0.0.6.tar.gz)(2014-04-27)
122 |
123 | - Add Red Hat support
124 | - Add chrony params with queryhost
125 | - Fix build
126 |
127 | ## [v0.0.5](https://forge.puppet.com/v3/files/aboe-chrony-0.0.5.tar.gz)(2013-03-21)
128 |
129 | - Add license
130 |
131 | ## [v0.0.4](https://forge.puppet.com/v3/files/aboe-chrony-0.0.4.tar.gz)(2013-06-20)
132 |
133 | - Fix travis button and testing
134 |
135 |
136 | ## [v0.0.3](https://forge.puppet.com/v3/files/aboe-chrony-0.0.3.tar.gz)(2013-06-20)
137 |
138 | - Update Readme and spec test
139 |
140 | ## [v0.0.2](https://forge.puppet.com/v3/files/aboe-chrony-0.0.2.tar.gz)(2013-06-19)
141 |
142 | - Update module forge with more information
143 |
144 | ## [v0.0.1](https://forge.puppet.com/v3/files/aboe-chrony-0.0.1.tar.gz)(2013-06-19)
145 |
146 | - First release on forge
147 |
148 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright 2013 Niels Abspoel
2 |
3 | Apache License
4 | Version 2.0, January 2004
5 | http://www.apache.org/licenses/
6 |
7 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
8 |
9 | 1. Definitions.
10 |
11 | "License" shall mean the terms and conditions for use, reproduction,
12 | and distribution as defined by Sections 1 through 9 of this document.
13 |
14 | "Licensor" shall mean the copyright owner or entity authorized by
15 | the copyright owner that is granting the License.
16 |
17 | "Legal Entity" shall mean the union of the acting entity and all
18 | other entities that control, are controlled by, or are under common
19 | control with that entity. For the purposes of this definition,
20 | "control" means (i) the power, direct or indirect, to cause the
21 | direction or management of such entity, whether by contract or
22 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
23 | outstanding shares, or (iii) beneficial ownership of such entity.
24 |
25 | "You" (or "Your") shall mean an individual or Legal Entity
26 | exercising permissions granted by this License.
27 |
28 | "Source" form shall mean the preferred form for making modifications,
29 | including but not limited to software source code, documentation
30 | source, and configuration files.
31 |
32 | "Object" form shall mean any form resulting from mechanical
33 | transformation or translation of a Source form, including but
34 | not limited to compiled object code, generated documentation,
35 | and conversions to other media types.
36 |
37 | "Work" shall mean the work of authorship, whether in Source or
38 | Object form, made available under the License, as indicated by a
39 | copyright notice that is included in or attached to the work
40 | (an example is provided in the Appendix below).
41 |
42 | "Derivative Works" shall mean any work, whether in Source or Object
43 | form, that is based on (or derived from) the Work and for which the
44 | editorial revisions, annotations, elaborations, or other modifications
45 | represent, as a whole, an original work of authorship. For the purposes
46 | of this License, Derivative Works shall not include works that remain
47 | separable from, or merely link (or bind by name) to the interfaces of,
48 | the Work and Derivative Works thereof.
49 |
50 | "Contribution" shall mean any work of authorship, including
51 | the original version of the Work and any modifications or additions
52 | to that Work or Derivative Works thereof, that is intentionally
53 | submitted to Licensor for inclusion in the Work by the copyright owner
54 | or by an individual or Legal Entity authorized to submit on behalf of
55 | the copyright owner. For the purposes of this definition, "submitted"
56 | means any form of electronic, verbal, or written communication sent
57 | to the Licensor or its representatives, including but not limited to
58 | communication on electronic mailing lists, source code control systems,
59 | and issue tracking systems that are managed by, or on behalf of, the
60 | Licensor for the purpose of discussing and improving the Work, but
61 | excluding communication that is conspicuously marked or otherwise
62 | designated in writing by the copyright owner as "Not a Contribution."
63 |
64 | "Contributor" shall mean Licensor and any individual or Legal Entity
65 | on behalf of whom a Contribution has been received by Licensor and
66 | subsequently incorporated within the Work.
67 |
68 | 2. Grant of Copyright License. Subject to the terms and conditions of
69 | this License, each Contributor hereby grants to You a perpetual,
70 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
71 | copyright license to reproduce, prepare Derivative Works of,
72 | publicly display, publicly perform, sublicense, and distribute the
73 | Work and such Derivative Works in Source or Object form.
74 |
75 | 3. Grant of Patent License. Subject to the terms and conditions of
76 | this License, each Contributor hereby grants to You a perpetual,
77 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
78 | (except as stated in this section) patent license to make, have made,
79 | use, offer to sell, sell, import, and otherwise transfer the Work,
80 | where such license applies only to those patent claims licensable
81 | by such Contributor that are necessarily infringed by their
82 | Contribution(s) alone or by combination of their Contribution(s)
83 | with the Work to which such Contribution(s) was submitted. If You
84 | institute patent litigation against any entity (including a
85 | cross-claim or counterclaim in a lawsuit) alleging that the Work
86 | or a Contribution incorporated within the Work constitutes direct
87 | or contributory patent infringement, then any patent licenses
88 | granted to You under this License for that Work shall terminate
89 | as of the date such litigation is filed.
90 |
91 | 4. Redistribution. You may reproduce and distribute copies of the
92 | Work or Derivative Works thereof in any medium, with or without
93 | modifications, and in Source or Object form, provided that You
94 | meet the following conditions:
95 |
96 | (a) You must give any other recipients of the Work or
97 | Derivative Works a copy of this License; and
98 |
99 | (b) You must cause any modified files to carry prominent notices
100 | stating that You changed the files; and
101 |
102 | (c) You must retain, in the Source form of any Derivative Works
103 | that You distribute, all copyright, patent, trademark, and
104 | attribution notices from the Source form of the Work,
105 | excluding those notices that do not pertain to any part of
106 | the Derivative Works; and
107 |
108 | (d) If the Work includes a "NOTICE" text file as part of its
109 | distribution, then any Derivative Works that You distribute must
110 | include a readable copy of the attribution notices contained
111 | within such NOTICE file, excluding those notices that do not
112 | pertain to any part of the Derivative Works, in at least one
113 | of the following places: within a NOTICE text file distributed
114 | as part of the Derivative Works; within the Source form or
115 | documentation, if provided along with the Derivative Works; or,
116 | within a display generated by the Derivative Works, if and
117 | wherever such third-party notices normally appear. The contents
118 | of the NOTICE file are for informational purposes only and
119 | do not modify the License. You may add Your own attribution
120 | notices within Derivative Works that You distribute, alongside
121 | or as an addendum to the NOTICE text from the Work, provided
122 | that such additional attribution notices cannot be construed
123 | as modifying the License.
124 |
125 | You may add Your own copyright statement to Your modifications and
126 | may provide additional or different license terms and conditions
127 | for use, reproduction, or distribution of Your modifications, or
128 | for any such Derivative Works as a whole, provided Your use,
129 | reproduction, and distribution of the Work otherwise complies with
130 | the conditions stated in this License.
131 |
132 | 5. Submission of Contributions. Unless You explicitly state otherwise,
133 | any Contribution intentionally submitted for inclusion in the Work
134 | by You to the Licensor shall be under the terms and conditions of
135 | this License, without any additional terms or conditions.
136 | Notwithstanding the above, nothing herein shall supersede or modify
137 | the terms of any separate license agreement you may have executed
138 | with Licensor regarding such Contributions.
139 |
140 | 6. Trademarks. This License does not grant permission to use the trade
141 | names, trademarks, service marks, or product names of the Licensor,
142 | except as required for reasonable and customary use in describing the
143 | origin of the Work and reproducing the content of the NOTICE file.
144 |
145 | 7. Disclaimer of Warranty. Unless required by applicable law or
146 | agreed to in writing, Licensor provides the Work (and each
147 | Contributor provides its Contributions) on an "AS IS" BASIS,
148 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
149 | implied, including, without limitation, any warranties or conditions
150 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
151 | PARTICULAR PURPOSE. You are solely responsible for determining the
152 | appropriateness of using or redistributing the Work and assume any
153 | risks associated with Your exercise of permissions under this License.
154 |
155 | 8. Limitation of Liability. In no event and under no legal theory,
156 | whether in tort (including negligence), contract, or otherwise,
157 | unless required by applicable law (such as deliberate and grossly
158 | negligent acts) or agreed to in writing, shall any Contributor be
159 | liable to You for damages, including any direct, indirect, special,
160 | incidental, or consequential damages of any character arising as a
161 | result of this License or out of the use or inability to use the
162 | Work (including but not limited to damages for loss of goodwill,
163 | work stoppage, computer failure or malfunction, or any and all
164 | other commercial damages or losses), even if such Contributor
165 | has been advised of the possibility of such damages.
166 |
167 | 9. Accepting Warranty or Additional Liability. While redistributing
168 | the Work or Derivative Works thereof, You may choose to offer,
169 | and charge a fee for, acceptance of support, warranty, indemnity,
170 | or other liability obligations and/or rights consistent with this
171 | License. However, in accepting such obligations, You may act only
172 | on Your own behalf and on Your sole responsibility, not on behalf
173 | of any other Contributor, and only if You agree to indemnify,
174 | defend, and hold each Contributor harmless for any liability
175 | incurred by, or claims asserted against, such Contributor by reason
176 | of your accepting any such warranty or additional liability.
177 |
178 | END OF TERMS AND CONDITIONS
179 |
180 | APPENDIX: How to apply the Apache License to your work.
181 |
182 | To apply the Apache License to your work, attach the following
183 | boilerplate notice, with the fields enclosed by brackets "[]"
184 | replaced with your own identifying information. (Don't include
185 | the brackets!) The text should be enclosed in the appropriate
186 | comment syntax for the file format. We also recommend that a
187 | file or class name and description of purpose be included on the
188 | same "printed page" as the copyright notice for easier
189 | identification within third-party archives.
190 |
191 | Copyright [yyyy] [name of copyright owner]
192 |
193 | Licensed under the Apache License, Version 2.0 (the "License");
194 | you may not use this file except in compliance with the License.
195 | You may obtain a copy of the License at
196 |
197 | http://www.apache.org/licenses/LICENSE-2.0
198 |
199 | Unless required by applicable law or agreed to in writing, software
200 | distributed under the License is distributed on an "AS IS" BASIS,
201 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
202 | See the License for the specific language governing permissions and
203 | limitations under the License.
204 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # puppet-chrony
2 |
3 | [](https://github.com/voxpupuli/puppet-chrony/blob/master/LICENSE)
4 | [](http://travis-ci.org/voxpupuli/puppet-chrony)
5 | [](https://forge.puppetlabs.com/puppet/chrony)
6 | [](https://forge.puppetlabs.com/puppet/chrony)
7 | [](https://forge.puppetlabs.com/puppet/chrony)
8 |
9 | ## Table of Contents
10 |
11 | 1. [Overview](#overview)
12 | 1. [Module Description - What the module does and why it is useful](#module-description)
13 | 1. [Setup - The basics of getting started with chrony](#setup)
14 | - [What chrony affects](#what-chrony-affects)
15 | - [Setup requirements](#setup-requirements)
16 | - [Beginning with chrony](#beginning-with-chrony)
17 | 1. [Usage - Configuration options and additional functionality](#usage)
18 | 1. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
19 | 1. [Limitations - OS compatibility, etc.](#limitations)
20 | 1. [Copyright and License](#copyright-and-license)
21 |
22 | ## Overview
23 |
24 | ### Chrony Puppet Module
25 |
26 | Manage chrony time daemon on Archlinux and Redhat
27 |
28 | ## Module Description
29 |
30 | The Chrony module handles running chrony in Archlinux and Redhat systems
31 | with systemd.
32 |
33 | ## Setup
34 |
35 | ### What chrony affects
36 |
37 | - chrony package.
38 | - chrony configuration file.
39 | - chrony key file.
40 | - chrony service.
41 |
42 | ### Requirements
43 |
44 | Please review `metadata.json` for a list of requirements.
45 |
46 | ### Beginning with chrony
47 |
48 | `include 'chrony'` is all you need to get it running. If you
49 | wish to pass in parameters like which servers to use
50 | then you can use:
51 |
52 | ```puppet
53 | class { 'chrony':
54 | servers => ['ntp1.corp.com', 'ntp2.corp.com' ],
55 | }
56 | ```
57 |
58 | ## Usage
59 |
60 | All interaction with the chrony module can be done through
61 | the main chrony class.
62 |
63 | ### I just want chrony, what's the minimum I need?
64 |
65 | ```puppet
66 | include 'chrony'
67 | ```
68 |
69 | ### I just want to tweak the servers, nothing else
70 |
71 | ```puppet
72 | class { 'chrony':
73 | servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
74 | }
75 | ```
76 |
77 | ### I'd like to make sure a secret password is used for chronyc
78 |
79 | ```puppet
80 | class { 'chrony':
81 | servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
82 | chrony_password => 'secret_password',
83 | }
84 | ```
85 |
86 | ### I'd like to use NTP authentication
87 |
88 | ```puppet
89 | class { 'chrony':
90 | keys => ['25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c'],
91 | servers => {
92 | 'ntp1.corp.com' => ['key 25', 'iburst'],
93 | 'ntp2.corp.com' => ['key 25', 'iburst'],
94 | },
95 | }
96 | ```
97 |
98 | ### I'd like chronyd to auto generate a command key at startup
99 |
100 | ```puppet
101 | class { 'chrony':
102 | chrony_password => 'unset',
103 | config_keys_manage => false,
104 | }
105 | ```
106 |
107 | ### Allow some hosts
108 |
109 | ```puppet
110 | class { 'chrony':
111 | queryhosts => [ '192.168/16', ],
112 | }
113 | ```
114 |
115 | ### How to configure leap second
116 |
117 | ```puppet
118 | class { 'chrony':
119 | leapsecmode => 'slew',
120 | smoothtime => '400 0.001 leaponly',
121 | maxslewrate => 1000.0
122 | }
123 | ```
124 |
125 | ### Enable chrony-wait.service
126 |
127 | RedHat and Suse provide a default disabled `chrony-wait.service` to block the `time-sync.target`
128 | until node is synchronised.
129 |
130 | To enable it:
131 |
132 | ```puppet
133 | class { 'chrony':
134 | wait_enable => true,
135 | wait_ensure => true,
136 | }
137 | ```
138 |
139 | ## Reference
140 |
141 | Reference documentation for the chrony module is generated using
142 | [puppet-strings](https://puppet.com/docs/puppet/latest/puppet_strings.html) and
143 | available in [REFERENCE.md](REFERENCE.md)
144 |
145 | ## Limitations
146 |
147 | See `metadata.json` for supported and tested operating systems.
148 |
149 | ## Copyright and License
150 |
151 | This module is distributed under the [Apache License 2.0](LICENSE). Copyright
152 | belongs to the module's authors, including Niels Abspoel and
153 | [others](https://github.com/voxpupuli/puppet-chrony/graphs/contributors).
154 |
155 | The module was originally written by [Niels Abspoel](https://github.com/aboe76)
156 | and released as [aboe76/chrony](https://forge.puppet.com/aboe/chrony).
157 | Since version 0.4.0, it is maintained by [Vox Pupuli](https://voxpupuli.org/).
158 |
--------------------------------------------------------------------------------
/REFERENCE.md:
--------------------------------------------------------------------------------
1 | # Reference
2 |
3 |
4 |
5 | ## Table of Contents
6 |
7 | ### Classes
8 |
9 | #### Public Classes
10 |
11 | * [`chrony`](#chrony): Installs and configures chrony
12 |
13 | #### Private Classes
14 |
15 | * `chrony::config`: Configures chrony
16 | * `chrony::install`: Installs chrony
17 | * `chrony::service`: Manages the chrony service
18 |
19 | ### Functions
20 |
21 | #### Private Functions
22 |
23 | * `chrony::server_array_to_hash`: Function to normalise servers/pools/peers
24 |
25 | ### Data types
26 |
27 | * [`Chrony::Servers`](#Chrony--Servers): Type for the `servers`, `pools` and `peers` parameters.
28 |
29 | ## Classes
30 |
31 | ### `chrony`
32 |
33 | Installs and configures chrony
34 |
35 | * **See also**
36 | * https://chrony.tuxfamily.org
37 |
38 | #### Examples
39 |
40 | ##### Install chrony with default options
41 |
42 | ```puppet
43 | include chrony
44 | ```
45 |
46 | ##### Use specific servers (These will be configured with the `iburst` option.)
47 |
48 | ```puppet
49 | class { 'chrony':
50 | servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
51 | }
52 | ```
53 |
54 | ##### Two specific servers without `iburst`
55 |
56 | ```puppet
57 | class { 'chrony':
58 | servers => {
59 | 'ntp1.corp.com' => [],
60 | 'ntp2.corp.com' => [],
61 | },
62 | }
63 | ```
64 |
65 | ##### Ensure a secret password is used for chronyc
66 |
67 | ```puppet
68 | class { 'chrony':
69 | servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
70 | chrony_password => 'secret_password',
71 | }
72 | ```
73 |
74 | ##### Use NTP authentication
75 |
76 | ```puppet
77 | class { 'chrony':
78 | keys => [
79 | '25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c',
80 | ],
81 | servers => {
82 | 'ntp1.corp.com' => ['key 25', 'iburst'],
83 | 'ntp2.corp.com' => ['key 25', 'iburst'],
84 | },
85 | }
86 | ```
87 |
88 | ##### Have chronyd autogenerate a command key at startup
89 |
90 | ```puppet
91 | class { 'chrony':
92 | chrony_password => 'unset',
93 | config_keys_manage => false,
94 | }
95 | ```
96 |
97 | ##### Allow some hosts
98 |
99 | ```puppet
100 | class { 'chrony':
101 | queryhosts => ['192.168/16'],
102 | }
103 | ```
104 |
105 | ##### Configure the leap second mode
106 |
107 | ```puppet
108 | class { 'chrony':
109 | leapsecmode => 'slew',
110 | smoothtime => '400 0.001 leaponly',
111 | maxslewrate => 1000.0
112 | }
113 | ```
114 |
115 | ##### Configure [makestep](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#makestep)
116 |
117 | ```puppet
118 | # Step the system clock if the adjustment is larger than 1000 seconds, but only in the first ten clock updates.
119 | class { 'chrony':
120 | makestep_seconds => 1000,
121 | makestep_updates => 10,
122 | }
123 | ```
124 |
125 | #### Parameters
126 |
127 | The following parameters are available in the `chrony` class:
128 |
129 | * [`bindaddress`](#-chrony--bindaddress)
130 | * [`bindcmdaddress`](#-chrony--bindcmdaddress)
131 | * [`initstepslew`](#-chrony--initstepslew)
132 | * [`confdir`](#-chrony--confdir)
133 | * [`sourcedir`](#-chrony--sourcedir)
134 | * [`cmdacl`](#-chrony--cmdacl)
135 | * [`cmdport`](#-chrony--cmdport)
136 | * [`commandkey`](#-chrony--commandkey)
137 | * [`chrony_password`](#-chrony--chrony_password)
138 | * [`config`](#-chrony--config)
139 | * [`config_template`](#-chrony--config_template)
140 | * [`config_keys`](#-chrony--config_keys)
141 | * [`config_keys_manage`](#-chrony--config_keys_manage)
142 | * [`config_keys_template`](#-chrony--config_keys_template)
143 | * [`config_keys_owner`](#-chrony--config_keys_owner)
144 | * [`config_keys_group`](#-chrony--config_keys_group)
145 | * [`config_keys_mode`](#-chrony--config_keys_mode)
146 | * [`keys`](#-chrony--keys)
147 | * [`driftfile`](#-chrony--driftfile)
148 | * [`local_stratum`](#-chrony--local_stratum)
149 | * [`local_orphan`](#-chrony--local_orphan)
150 | * [`ntpsigndsocket`](#-chrony--ntpsigndsocket)
151 | * [`stratumweight`](#-chrony--stratumweight)
152 | * [`log_options`](#-chrony--log_options)
153 | * [`logbanner`](#-chrony--logbanner)
154 | * [`logchange`](#-chrony--logchange)
155 | * [`package_ensure`](#-chrony--package_ensure)
156 | * [`package_name`](#-chrony--package_name)
157 | * [`package_source`](#-chrony--package_source)
158 | * [`package_provider`](#-chrony--package_provider)
159 | * [`peers`](#-chrony--peers)
160 | * [`servers`](#-chrony--servers)
161 | * [`pools`](#-chrony--pools)
162 | * [`minsources`](#-chrony--minsources)
163 | * [`minsamples`](#-chrony--minsamples)
164 | * [`refclocks`](#-chrony--refclocks)
165 | * [`makestep_seconds`](#-chrony--makestep_seconds)
166 | * [`makestep_updates`](#-chrony--makestep_updates)
167 | * [`queryhosts`](#-chrony--queryhosts)
168 | * [`denyqueryhosts`](#-chrony--denyqueryhosts)
169 | * [`port`](#-chrony--port)
170 | * [`service_enable`](#-chrony--service_enable)
171 | * [`service_ensure`](#-chrony--service_ensure)
172 | * [`service_manage`](#-chrony--service_manage)
173 | * [`service_name`](#-chrony--service_name)
174 | * [`wait_enable`](#-chrony--wait_enable)
175 | * [`wait_ensure`](#-chrony--wait_ensure)
176 | * [`wait_manage`](#-chrony--wait_manage)
177 | * [`wait_name`](#-chrony--wait_name)
178 | * [`smoothtime`](#-chrony--smoothtime)
179 | * [`mailonchange`](#-chrony--mailonchange)
180 | * [`threshold`](#-chrony--threshold)
181 | * [`lock_all`](#-chrony--lock_all)
182 | * [`sched_priority`](#-chrony--sched_priority)
183 | * [`leapsecmode`](#-chrony--leapsecmode)
184 | * [`leapsectz`](#-chrony--leapsectz)
185 | * [`maxdistance`](#-chrony--maxdistance)
186 | * [`maxslewrate`](#-chrony--maxslewrate)
187 | * [`ntsserverkey`](#-chrony--ntsserverkey)
188 | * [`ntsservercert`](#-chrony--ntsservercert)
189 | * [`ntsport`](#-chrony--ntsport)
190 | * [`maxntsconnections`](#-chrony--maxntsconnections)
191 | * [`ntsprocesses`](#-chrony--ntsprocesses)
192 | * [`ntsdumpdir`](#-chrony--ntsdumpdir)
193 | * [`ntsntpserver`](#-chrony--ntsntpserver)
194 | * [`ntsrotate`](#-chrony--ntsrotate)
195 | * [`clientlog`](#-chrony--clientlog)
196 | * [`clientloglimit`](#-chrony--clientloglimit)
197 | * [`rtcsync`](#-chrony--rtcsync)
198 | * [`rtconutc`](#-chrony--rtconutc)
199 | * [`hwtimestamps`](#-chrony--hwtimestamps)
200 | * [`dumpdir`](#-chrony--dumpdir)
201 | * [`maxupdateskew`](#-chrony--maxupdateskew)
202 | * [`acquisitionport`](#-chrony--acquisitionport)
203 |
204 | ##### `bindaddress`
205 |
206 | Data type: `Array[Stdlib::IP::Address]`
207 |
208 | Array of addresses of interfaces on which chronyd will listen for NTP traffic.
209 | Listens on all addresses if left empty.
210 |
211 | Default value: `[]`
212 |
213 | ##### `bindcmdaddress`
214 |
215 | Data type: `Array[String]`
216 |
217 | Array of addresses of interfaces on which chronyd will listen for monitoring command packets.
218 |
219 | Default value: `['127.0.0.1', '::1']`
220 |
221 | ##### `initstepslew`
222 |
223 | Data type: `Optional[String]`
224 |
225 | Allow chronyd to make a rapid measurement of the system clock error at boot time,
226 | and to correct the system clock by stepping before normal operation begins.
227 |
228 | Default value: `undef`
229 |
230 | ##### `confdir`
231 |
232 | Data type: `Optional[Stdlib::Absolutepath]`
233 |
234 | The confdir directive includes configuration files with the .conf suffix from a directory.
235 |
236 | Default value: `undef`
237 |
238 | ##### `sourcedir`
239 |
240 | Data type: `Optional[Stdlib::Absolutepath]`
241 |
242 | The sourcedir directive is identical to the confdir directive, except the configuration files have the .sources suffix, they can only specify NTP sources.
243 |
244 | Default value: `undef`
245 |
246 | ##### `cmdacl`
247 |
248 | Data type: `Array[String]`
249 |
250 | An array of ACLs for monitoring access. This expects a list of directives, for
251 | example: `['cmdallow 1.2.3.4', 'cmddeny 1.2.3']`. The order will be respected at
252 | the time of generating the configuration. The argument of the allow or deny
253 | commands can be an address, a partial address or a subnet (see manpage for more
254 | details).
255 |
256 | Default value: `[]`
257 |
258 | ##### `cmdport`
259 |
260 | Data type: `Optional[Stdlib::Port]`
261 |
262 | The cmdport directive allows the port that is used for run-time monitoring (via the chronyc program)
263 | to be altered from its default (323).
264 |
265 | Default value: `undef`
266 |
267 | ##### `commandkey`
268 |
269 | Data type: `NotUndef`
270 |
271 | This sets the key ID used by chronyc to authenticate to chronyd.
272 |
273 | Default value: `0`
274 |
275 | ##### `chrony_password`
276 |
277 | Data type: `Variant[Sensitive[String[1]], String[1]]`
278 |
279 | This sets the chrony password to be used in the key file.
280 | By default a short fixed string is used. If set explicitly to
281 | 'unset' then no password will be added to the keys file by puppet.
282 |
283 | Default value: `'xyzzy'`
284 |
285 | ##### `config`
286 |
287 | Data type: `Stdlib::Unixpath`
288 |
289 | This sets the file to write chrony configuration into.
290 |
291 | Default value: `'/etc/chrony/chrony.conf'`
292 |
293 | ##### `config_template`
294 |
295 | Data type: `String[1]`
296 |
297 | This determines which template puppet should use for the chrony configuration.
298 |
299 | Default value: `'chrony/chrony.conf.epp'`
300 |
301 | ##### `config_keys`
302 |
303 | Data type: `Variant[Stdlib::Unixpath,String[0,0]]`
304 |
305 | This sets the file to write chrony keys into. Set to '' to remove `keyfile` attribute from the config.
306 |
307 | Default value: `'/etc/chrony/chrony.keys'`
308 |
309 | ##### `config_keys_manage`
310 |
311 | Data type: `Boolean`
312 |
313 | Determines whether puppet will manage the content of the keys file after it has been created for the first time.
314 |
315 | Default value: `true`
316 |
317 | ##### `config_keys_template`
318 |
319 | Data type: `String[1]`
320 |
321 | This determines which template puppet should use for the chrony key file.
322 |
323 | Default value: `'chrony/chrony.keys.epp'`
324 |
325 | ##### `config_keys_owner`
326 |
327 | Data type: `Variant[Integer[0],String[1]]`
328 |
329 | Specify unix owner of chrony keys file, defaults to 0.
330 |
331 | Default value: `0`
332 |
333 | ##### `config_keys_group`
334 |
335 | Data type: `Variant[Integer[0],String[1]]`
336 |
337 | Specify unix group of chrony keys files, defaults to 0 on ArchLinux and chrony on Redhat.
338 |
339 | Default value: `0`
340 |
341 | ##### `config_keys_mode`
342 |
343 | Data type: `Stdlib::Filemode`
344 |
345 | Specify unix mode of chrony keys files, defaults to 0644 on ArchLinux and 0640 on Redhat.
346 |
347 | Default value: `'0640'`
348 |
349 | ##### `keys`
350 |
351 | Data type: `Array[String[1]]`
352 |
353 | An array of key lines. These are printed as-is into the chrony key file.
354 |
355 | Default value: `[]`
356 |
357 | ##### `driftfile`
358 |
359 | Data type: `Stdlib::Unixpath`
360 |
361 | A file for chrony to record clock drift in.
362 |
363 | Default value: `'/var/lib/chrony/drift'`
364 |
365 | ##### `local_stratum`
366 |
367 | Data type: `Variant[Boolean[false],Integer[1,15]]`
368 |
369 | Override the stratum of the server which will be reported to clients
370 | when the local reference is active. Use `false` to not set local_stratum in
371 | chrony configuration.
372 |
373 | Default value: `10`
374 |
375 | ##### `local_orphan`
376 |
377 | Data type: `Boolean`
378 |
379 | Put the server in 'orphan' mode when the local reference is active. Does
380 | nothing if local_stratum is not set.
381 |
382 | Default value: `false`
383 |
384 | ##### `ntpsigndsocket`
385 |
386 | Data type: `Optional[Stdlib::Unixpath]`
387 |
388 | This sets the location of the Samba ntp_signd socket when it is running as a Domain Controller (DC).
389 |
390 | Default value: `undef`
391 |
392 | ##### `stratumweight`
393 |
394 | Data type: `Optional[Numeric]`
395 |
396 | Sets how much distance should be added per stratum to the synchronisation distance when chronyd
397 | selects the synchronisation source from available sources.
398 | When not set, chronyd's default will be used, which since version 2.0 of chrony, is 0.001 seconds.
399 |
400 | Default value: `undef`
401 |
402 | ##### `log_options`
403 |
404 | Data type: `Optional[String[1]]`
405 |
406 | Specify which information is to be logged.
407 |
408 | Default value: `undef`
409 |
410 | ##### `logbanner`
411 |
412 | Data type: `Optional[Integer[0]]`
413 |
414 | Specify how often the log banner is placed in the logfile.
415 |
416 | Default value: `undef`
417 |
418 | ##### `logchange`
419 |
420 | Data type: `Float`
421 |
422 | Sets the threshold for the adjustment of the system clock that will generate a syslog message.
423 | Clock errors detected via NTP packets, reference clocks, or timestamps entered via the settime
424 | command of chronyc are logged.
425 |
426 | Default value: `0.5`
427 |
428 | ##### `package_ensure`
429 |
430 | Data type: `String[1]`
431 |
432 | This can be set to 'present' or 'latest' or a specific version to choose the
433 | chrony package to be installed.
434 |
435 | Default value: `'present'`
436 |
437 | ##### `package_name`
438 |
439 | Data type: `String[1]`
440 |
441 | This determines the name of the package to install.
442 |
443 | Default value: `'chrony'`
444 |
445 | ##### `package_source`
446 |
447 | Data type: `Optional[String]`
448 |
449 | Source for the package when not wanting to install from a package repository. This is required if
450 | [`package_provider`](#package_provider) is set to `rpm` or `dpkg`.
451 |
452 | Default value: `undef`
453 |
454 | ##### `package_provider`
455 |
456 | Data type: `Optional[String]`
457 |
458 | Override the default package provider with a specific backend to use when installing the chrony package.
459 | Also see [`package_source`](#package_source).
460 |
461 | Default value: `undef`
462 |
463 | ##### `peers`
464 |
465 | Data type: `Chrony::Servers`
466 |
467 | This selects the servers to use for NTP peers (symmetric association).
468 | It can be an array of peers or a hash of peers with their respective options.
469 |
470 | Default value: `[]`
471 |
472 | ##### `servers`
473 |
474 | Data type: `Chrony::Servers`
475 |
476 | This selects the servers to use for NTP servers. It can be an array of servers
477 | or a hash of servers to their respective options. If an array is used, `iburst` will be configured for each server.
478 | If you don't want to use `iburst`, use a hash instead.
479 |
480 | Default value:
481 |
482 | ```puppet
483 | {
484 | '0.pool.ntp.org' => ['iburst'],
485 | '1.pool.ntp.org' => ['iburst'],
486 | '2.pool.ntp.org' => ['iburst'],
487 | '3.pool.ntp.org' => ['iburst'],
488 | }
489 | ```
490 |
491 | ##### `pools`
492 |
493 | Data type: `Chrony::Servers`
494 |
495 | This is used to specify one or more *pools* of NTP servers to use instead of individual NTP servers.
496 | Similar to [`server`](#server), it can be an array of pools, (using iburst), or a hash of pools to their respective options.
497 | See [pool](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#pool)
498 |
499 | Default value: `{}`
500 |
501 | ##### `minsources`
502 |
503 | Data type: `Optional[Integer[1]]`
504 |
505 | Sets the minimum number of sources that need to be considered as selectable in the source selection algorithm
506 | before the local clock is updated.
507 |
508 | Default value: `undef`
509 |
510 | ##### `minsamples`
511 |
512 | Data type: `Optional[Integer[1]]`
513 |
514 | Specifies the minimum number of readings kept for tracking of the NIC clock.
515 |
516 | Default value: `undef`
517 |
518 | ##### `refclocks`
519 |
520 | Data type: `Array`
521 |
522 | List of `refclock` directives to be added to the chrony configuration file.
523 | Each element of the list should be a string which completes the `refclock` `chrony.conf` directive.
524 |
525 | Example:
526 | ```puppet
527 | refclocks => [
528 | 'PPS /dev/pps0 lock NMEA refid GPS',
529 | 'SHM 0 offset 0.5 delay 0.2 refid NMEA noselect',
530 | 'PPS /dev/pps1:clear refid GPS2',
531 | ],
532 | ```
533 |
534 | Default value: `[]`
535 |
536 | ##### `makestep_seconds`
537 |
538 | Data type: `Numeric`
539 |
540 | Configures the [`makestep`](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#makestep) `threshold`.
541 | Normally chronyd will cause the system to gradually correct any time offset, by slowing down or speeding up the clock as required.
542 | If the adjustment is larger than `makestep_seconds`, chronyd will step the clock.
543 | Also see [`makestep_updates`](#makestep_updates).
544 |
545 | Default value: `10`
546 |
547 | ##### `makestep_updates`
548 |
549 | Data type: `Integer`
550 |
551 | Configures the [`makestep`](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#makestep) `limit`.
552 | Chronyd will step the time only if there have been no more than `makestep_updates` clock updates.
553 | Set to a negative value to disable the limit (useful for virtual machines and laptops that may get suspended for a prolonged time).
554 | Also see [`makestep_seconds`](#makestep_seconds).
555 |
556 | Default value: `3`
557 |
558 | ##### `queryhosts`
559 |
560 | Data type: `Array[String[0]]`
561 |
562 | This adds the networks, hosts that are allowed to query the daemon.
563 |
564 | Default value: `[]`
565 |
566 | ##### `denyqueryhosts`
567 |
568 | Data type: `Array[String[0]]`
569 |
570 | Similar to queryhosts, except that it denies NTP client access to a particular subnet or host,
571 | rather than allowing it.
572 |
573 | Default value: `[]`
574 |
575 | ##### `port`
576 |
577 | Data type: `Optional[Stdlib::Port]`
578 |
579 | Port the service should listen on. Module default is `undef` which means that port
580 | isn't added to chrony.conf, and chrony listens to the default ntp port 123 if
581 | `queryhosts` is used.
582 |
583 | Default value: `undef`
584 |
585 | ##### `service_enable`
586 |
587 | Data type: `Boolean`
588 |
589 | This determines if the service should be enabled at boot.
590 |
591 | Default value: `true`
592 |
593 | ##### `service_ensure`
594 |
595 | Data type: `Stdlib::Ensure::Service`
596 |
597 | This determines if the service should be running or not.
598 |
599 | Default value: `'running'`
600 |
601 | ##### `service_manage`
602 |
603 | Data type: `Boolean`
604 |
605 | This selects if puppet should manage the service in the first place.
606 |
607 | Default value: `true`
608 |
609 | ##### `service_name`
610 |
611 | Data type: `String[1]`
612 |
613 | This selects the name of the chrony service for puppet to manage.
614 |
615 | Default value: `'chronyd'`
616 |
617 | ##### `wait_enable`
618 |
619 | Data type: `Boolean`
620 |
621 | This determines if the chrony-wait service should be enabled at boot.
622 |
623 | Default value: `false`
624 |
625 | ##### `wait_ensure`
626 |
627 | Data type: `Stdlib::Ensure::Service`
628 |
629 | This determines if the chrony-wait service should be running or not.
630 |
631 | Default value: `'stopped'`
632 |
633 | ##### `wait_manage`
634 |
635 | Data type: `Boolean`
636 |
637 | This selects if puppet should manage the chrony-wait service in the first place.
638 |
639 | Default value: `false`
640 |
641 | ##### `wait_name`
642 |
643 | Data type: `String[1]`
644 |
645 | This selects the name of the chrony-wait service for puppet to manage.
646 |
647 | Default value: `'chrony-wait.service'`
648 |
649 | ##### `smoothtime`
650 |
651 | Data type: `Optional[String]`
652 |
653 | Specify the smoothing of the time parameter as a string, for example `smoothtime 50000 0.01`.
654 |
655 | Default value: `undef`
656 |
657 | ##### `mailonchange`
658 |
659 | Data type: `Optional[String[1]]`
660 |
661 | Specify the mail you wanna alert when chronyd executes a sync grater than the `threshold`.
662 |
663 | Default value: `undef`
664 |
665 | ##### `threshold`
666 |
667 | Data type: `Float`
668 |
669 | Specify the time limit for triggering events.
670 |
671 | Default value: `0.5`
672 |
673 | ##### `lock_all`
674 |
675 | Data type: `Boolean`
676 |
677 | Force chrony to only use RAM & prevent swapping.
678 |
679 | Default value: `false`
680 |
681 | ##### `sched_priority`
682 |
683 | Data type: `Optional[Integer[0,100]]`
684 |
685 | Set the CPU thread scheduler, this value is OS specific.
686 |
687 | Default value: `undef`
688 |
689 | ##### `leapsecmode`
690 |
691 | Data type: `Optional[Enum['system', 'step', 'slew', 'ignore']]`
692 |
693 | Configures how to insert the leap second mode.
694 |
695 | Default value: `undef`
696 |
697 | ##### `leapsectz`
698 |
699 | Data type: `Optional[String]`
700 |
701 | Specifies a timezone that chronyd can use to determine the offset between UTC and TAI.
702 |
703 | Default value: `undef`
704 |
705 | ##### `maxdistance`
706 |
707 | Data type: `Optional[Float]`
708 |
709 | Sets the maximum root distance of a source to be acceptable for synchronisation of the clock.
710 |
711 | Default value: `undef`
712 |
713 | ##### `maxslewrate`
714 |
715 | Data type: `Optional[Float]`
716 |
717 | Maximum rate for chronyd to slew the time. Only float type values possible, for example: `maxslewrate 1000.0`.
718 |
719 | Default value: `undef`
720 |
721 | ##### `ntsserverkey`
722 |
723 | Data type: `Optional[Stdlib::Absolutepath]`
724 |
725 | This directive specifies a file containing a private key in the PEM format for chronyd to operate as an NTS server.
726 |
727 | Default value: `undef`
728 |
729 | ##### `ntsservercert`
730 |
731 | Data type: `Optional[Stdlib::Absolutepath]`
732 |
733 | This directive specifies a file containing a certificate in the PEM format for chronyd to operate as an NTS server.
734 |
735 | Default value: `undef`
736 |
737 | ##### `ntsport`
738 |
739 | Data type: `Optional[Stdlib::Port]`
740 |
741 | This directive specifies the TCP port on which chronyd will provide the NTS Key Establishment (NTS-KE) service.
742 |
743 | Default value: `undef`
744 |
745 | ##### `maxntsconnections`
746 |
747 | Data type: `Optional[Integer[0]]`
748 |
749 | This directive specifies the maximum number of concurrent NTS-KE connections per process that the NTS server will accept.
750 |
751 | Default value: `undef`
752 |
753 | ##### `ntsprocesses`
754 |
755 | Data type: `Optional[Integer[0]]`
756 |
757 | This directive specifies how many helper processes will chronyd operating as an NTS server start for handling client NTS-KE requests in order to improve
758 | performance with multi-core CPUs and multithreading.
759 |
760 | Default value: `undef`
761 |
762 | ##### `ntsdumpdir`
763 |
764 | Data type: `Optional[Stdlib::Absolutepath]`
765 |
766 | This directive specifies a directory where chronyd operating as an NTS server can save the keys which encrypt NTS cookies provided to clients.
767 |
768 | Default value: `undef`
769 |
770 | ##### `ntsntpserver`
771 |
772 | Data type: `Optional[String]`
773 |
774 | This directive specifies the hostname (as a fully qualified domain name) or address of the NTP server(s) which is provided in the NTS-KE response to the
775 | clients.
776 |
777 | Default value: `undef`
778 |
779 | ##### `ntsrotate`
780 |
781 | Data type: `Optional[Integer[0]]`
782 |
783 | This directive specifies the rotation interval (in seconds) of the server key which encrypts the NTS cookies.
784 |
785 | Default value: `undef`
786 |
787 | ##### `clientlog`
788 |
789 | Data type: `Boolean`
790 |
791 | Determines whether to log client accesses.
792 |
793 | Default value: `false`
794 |
795 | ##### `clientloglimit`
796 |
797 | Data type: `Optional[Integer]`
798 |
799 | When set, specifies the maximum amount of memory in bytes that chronyd is allowed to allocate for logging of client accesses.
800 | If not set, chrony's, default will be used. In modern versions this is 524288 bytes. Older versions defaulted to have no limit.
801 | See [clientloglimit](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#clientloglimit)
802 |
803 | Default value: `undef`
804 |
805 | ##### `rtcsync`
806 |
807 | Data type: `Boolean`
808 |
809 | Sync system clock to RTC periodically
810 |
811 | Default value: `true`
812 |
813 | ##### `rtconutc`
814 |
815 | Data type: `Boolean`
816 |
817 | Keep RTC in UTC instead of local time.
818 | If not set, chrony's, default will be used. On Arch Linux the default is true instead.
819 | See [rtconutc](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#rtconutc)
820 |
821 | Default value: `false`
822 |
823 | ##### `hwtimestamps`
824 |
825 | Data type: `Variant[Hash,Array[String]]`
826 |
827 | This selects interfaces to enable hardware timestamps on. It can be an array of
828 | interfaces or a hash of interfaces to their respective options.
829 |
830 | Default value: `[]`
831 |
832 | ##### `dumpdir`
833 |
834 | Data type: `Optional[Stdlib::Unixpath]`
835 |
836 | Directory to store measurement history in on exit.
837 |
838 | Default value: `undef`
839 |
840 | ##### `maxupdateskew`
841 |
842 | Data type: `Optional[Float]`
843 |
844 | Sets the threshold for determining whether an estimate might be so unreliable that it should not be used
845 |
846 | Default value: `undef`
847 |
848 | ##### `acquisitionport`
849 |
850 | Data type: `Optional[Integer[1,65535]]`
851 |
852 | Sets the acquisitionport for client queries
853 |
854 | Default value: `undef`
855 |
856 | ## Data types
857 |
858 | ### `Chrony::Servers`
859 |
860 | This type is for the `servers`, `pools` and `peers` parameters.
861 |
862 | #### Examples
863 |
864 | ##### A hash of servers
865 |
866 | ```puppet
867 | {
868 | 'ntp1.example.com => [
869 | 'minpoll 3',
870 | 'maxpoll 6',
871 | ],
872 | 'ntp2.example.com => [
873 | 'iburst',
874 | 'minpoll 4',
875 | 'maxpoll 8',
876 | ],
877 | }
878 | ```
879 |
880 | ##### An array of servers
881 |
882 | ```puppet
883 | [
884 | 'ntp1.example.com',
885 | 'ntp2.example.com',
886 | ]
887 | ```
888 |
889 | Alias of `Variant[Hash[Stdlib::Host, Optional[Array[String]]], Array[Stdlib::Host]]`
890 |
891 |
--------------------------------------------------------------------------------
/Rakefile:
--------------------------------------------------------------------------------
1 | # Managed by modulesync - DO NOT EDIT
2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
3 |
4 | # Attempt to load voxpupuli-test (which pulls in puppetlabs_spec_helper),
5 | # otherwise attempt to load it directly.
6 | begin
7 | require 'voxpupuli/test/rake'
8 | rescue LoadError
9 | begin
10 | require 'puppetlabs_spec_helper/rake_tasks'
11 | rescue LoadError
12 | end
13 | end
14 |
15 | # load optional tasks for acceptance
16 | # only available if gem group releases is installed
17 | begin
18 | require 'voxpupuli/acceptance/rake'
19 | rescue LoadError
20 | end
21 |
22 | # load optional tasks for releases
23 | # only available if gem group releases is installed
24 | begin
25 | require 'voxpupuli/release/rake_tasks'
26 | rescue LoadError
27 | # voxpupuli-release not present
28 | else
29 | GCGConfig.user = 'voxpupuli'
30 | GCGConfig.project = 'puppet-chrony'
31 | end
32 |
33 | desc "Run main 'test' task and report merged results to coveralls"
34 | task test_with_coveralls: [:test] do
35 | if Dir.exist?(File.expand_path('../lib', __FILE__))
36 | require 'coveralls/rake/task'
37 | Coveralls::RakeTask.new
38 | Rake::Task['coveralls:push'].invoke
39 | else
40 | puts 'Skipping reporting to coveralls. Module has no lib dir'
41 | end
42 | end
43 |
44 | # vim: syntax=ruby
45 |
--------------------------------------------------------------------------------
/data/Archlinux.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | chrony::clientlog: true
3 | chrony::cmdacl:
4 | - cmdallow 127.0.0.1
5 | chrony::config_keys_mode: '0644'
6 | chrony::config_keys: /etc/chrony.keys
7 | chrony::config: /etc/chrony.conf
8 | chrony::dumpdir: /var/lib/chrony
9 | chrony::rtconutc: true
10 | chrony::wait_manage: true
11 |
--------------------------------------------------------------------------------
/data/Debian.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | chrony::driftfile: /var/lib/chrony/chrony.drift
3 | chrony::leapsectz: right/UTC
4 | chrony::makestep_seconds: 1
5 | chrony::maxupdateskew: 100.0
6 | chrony::ntsdumpdir: /var/lib/chrony
7 |
--------------------------------------------------------------------------------
/data/Debian/20.04.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | chrony::ntsdumpdir: ~
3 |
--------------------------------------------------------------------------------
/data/Gentoo.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | chrony::clientlog: true
3 | chrony::config_keys_mode: '0644'
4 | chrony::package_name: net-misc/chrony
5 | chrony::rtconutc: true
6 |
--------------------------------------------------------------------------------
/data/RedHat.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | chrony::config_keys_group: chrony
3 | chrony::config_keys: /etc/chrony.keys
4 | chrony::config: /etc/chrony.conf
5 | chrony::wait_manage: true
6 |
--------------------------------------------------------------------------------
/data/RedHat/9.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | chrony::leapsectz: right/UTC
3 | chrony::ntsdumpdir: /var/lib/chrony
4 | chrony::makestep_seconds: 1.0
5 |
--------------------------------------------------------------------------------
/data/Suse.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | chrony::config_keys_group: chrony
3 | chrony::config_keys: /etc/chrony.keys
4 | chrony::config: /etc/chrony.conf
5 | chrony::wait_manage: true
6 |
--------------------------------------------------------------------------------
/examples/init.pp:
--------------------------------------------------------------------------------
1 | node default {
2 | notify { 'enduser-before': }
3 | notify { 'enduser-after': }
4 |
5 | class { 'chrony':
6 | require => Notify['enduser-before'],
7 | before => Notify['enduser-after'],
8 | }
9 | }
10 |
--------------------------------------------------------------------------------
/functions/server_array_to_hash.pp:
--------------------------------------------------------------------------------
1 | # @summary Function to normalise servers/pools/peers
2 | #
3 | # @api private
4 | # @return [Hash] returns the original hash or converts the array to an hash
5 | function chrony::server_array_to_hash(Variant[Hash,Array] $servers, $options = []) >> Hash {
6 | if $servers.is_a(Hash) {
7 | $servers
8 | } else {
9 | $servers.reduce({}) |$memo, $server| { # lint:ignore:manifest_whitespace_opening_brace_before
10 | $memo + { $server => $options }
11 | }
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/hiera.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | version: 5
3 |
4 | hierarchy:
5 | - name: OS family
6 | paths:
7 | - '%{facts.os.family}/%{facts.os.release.major}.yaml'
8 | - '%{facts.os.family}.yaml'
9 |
--------------------------------------------------------------------------------
/manifests/config.pp:
--------------------------------------------------------------------------------
1 | # @summary Configures chrony
2 | #
3 | # @api private
4 | class chrony::config {
5 | assert_private()
6 |
7 | file { $chrony::config:
8 | ensure => file,
9 | owner => 0,
10 | group => 0,
11 | mode => '0644',
12 | content => epp($chrony::config_template,
13 | {
14 | servers => chrony::server_array_to_hash($chrony::servers, ['iburst']),
15 | pools => chrony::server_array_to_hash($chrony::pools, ['iburst']),
16 | peers => chrony::server_array_to_hash($chrony::peers),
17 | }
18 | ),
19 | }
20 |
21 | $chrony_password = $chrony::chrony_password.unwrap
22 | $keys_params = {
23 | 'chrony_password' => $chrony_password,
24 | 'commandkey' => $chrony::commandkey,
25 | 'keys' => $chrony::keys,
26 | }
27 |
28 | unless empty($chrony::config_keys) {
29 | file { $chrony::config_keys:
30 | ensure => file,
31 | replace => $chrony::config_keys_manage,
32 | owner => $chrony::config_keys_owner,
33 | group => $chrony::config_keys_group,
34 | mode => $chrony::config_keys_mode,
35 | content => Sensitive(epp($chrony::config_keys_template, $keys_params)),
36 | }
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/manifests/init.pp:
--------------------------------------------------------------------------------
1 | # @summary Installs and configures chrony
2 | #
3 | # @example Install chrony with default options
4 | # include chrony
5 | # @example Use specific servers (These will be configured with the `iburst` option.)
6 | # class { 'chrony':
7 | # servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
8 | # }
9 | # @example Two specific servers without `iburst`
10 | # class { 'chrony':
11 | # servers => {
12 | # 'ntp1.corp.com' => [],
13 | # 'ntp2.corp.com' => [],
14 | # },
15 | # }
16 | # @example Ensure a secret password is used for chronyc
17 | # class { 'chrony':
18 | # servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
19 | # chrony_password => 'secret_password',
20 | # }
21 | # @example Use NTP authentication
22 | # class { 'chrony':
23 | # keys => [
24 | # '25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c',
25 | # ],
26 | # servers => {
27 | # 'ntp1.corp.com' => ['key 25', 'iburst'],
28 | # 'ntp2.corp.com' => ['key 25', 'iburst'],
29 | # },
30 | # }
31 | # @example Have chronyd autogenerate a command key at startup
32 | # class { 'chrony':
33 | # chrony_password => 'unset',
34 | # config_keys_manage => false,
35 | # }
36 | # @example Allow some hosts
37 | # class { 'chrony':
38 | # queryhosts => ['192.168/16'],
39 | # }
40 | # @example Configure the leap second mode
41 | # class { 'chrony':
42 | # leapsecmode => 'slew',
43 | # smoothtime => '400 0.001 leaponly',
44 | # maxslewrate => 1000.0
45 | # }
46 | # @example Configure [makestep](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#makestep)
47 | # # Step the system clock if the adjustment is larger than 1000 seconds, but only in the first ten clock updates.
48 | # class { 'chrony':
49 | # makestep_seconds => 1000,
50 | # makestep_updates => 10,
51 | # }
52 | #
53 | # @see https://chrony.tuxfamily.org
54 | #
55 | # @param bindaddress
56 | # Array of addresses of interfaces on which chronyd will listen for NTP traffic.
57 | # Listens on all addresses if left empty.
58 | # @param bindcmdaddress
59 | # Array of addresses of interfaces on which chronyd will listen for monitoring command packets.
60 | # @param initstepslew
61 | # Allow chronyd to make a rapid measurement of the system clock error at boot time,
62 | # and to correct the system clock by stepping before normal operation begins.
63 | # @param confdir
64 | # The confdir directive includes configuration files with the .conf suffix from a directory.
65 | # @param sourcedir
66 | # The sourcedir directive is identical to the confdir directive, except the configuration files have the .sources suffix, they can only specify NTP sources.
67 | # @param cmdacl
68 | # An array of ACLs for monitoring access. This expects a list of directives, for
69 | # example: `['cmdallow 1.2.3.4', 'cmddeny 1.2.3']`. The order will be respected at
70 | # the time of generating the configuration. The argument of the allow or deny
71 | # commands can be an address, a partial address or a subnet (see manpage for more
72 | # details).
73 | # @param cmdport
74 | # The cmdport directive allows the port that is used for run-time monitoring (via the chronyc program)
75 | # to be altered from its default (323).
76 | # @param commandkey
77 | # This sets the key ID used by chronyc to authenticate to chronyd.
78 | # @param chrony_password
79 | # This sets the chrony password to be used in the key file.
80 | # By default a short fixed string is used. If set explicitly to
81 | # 'unset' then no password will be added to the keys file by puppet.
82 | # @param config
83 | # This sets the file to write chrony configuration into.
84 | # @param config_template
85 | # This determines which template puppet should use for the chrony configuration.
86 | # @param config_keys
87 | # This sets the file to write chrony keys into. Set to '' to remove `keyfile` attribute from the config.
88 | # @param config_keys_manage
89 | # Determines whether puppet will manage the content of the keys file after it has been created for the first time.
90 | # @param config_keys_template
91 | # This determines which template puppet should use for the chrony key file.
92 | # @param config_keys_owner
93 | # Specify unix owner of chrony keys file, defaults to 0.
94 | # @param config_keys_group
95 | # Specify unix group of chrony keys files, defaults to 0 on ArchLinux and chrony on Redhat.
96 | # @param config_keys_mode
97 | # Specify unix mode of chrony keys files, defaults to 0644 on ArchLinux and 0640 on Redhat.
98 | # @param keys
99 | # An array of key lines. These are printed as-is into the chrony key file.
100 | # @param driftfile
101 | # A file for chrony to record clock drift in.
102 | # @param local_stratum
103 | # Override the stratum of the server which will be reported to clients
104 | # when the local reference is active. Use `false` to not set local_stratum in
105 | # chrony configuration.
106 | # @param local_orphan
107 | # Put the server in 'orphan' mode when the local reference is active. Does
108 | # nothing if local_stratum is not set.
109 | # @param ntpsigndsocket
110 | # This sets the location of the Samba ntp_signd socket when it is running as a Domain Controller (DC).
111 | # @param stratumweight
112 | # Sets how much distance should be added per stratum to the synchronisation distance when chronyd
113 | # selects the synchronisation source from available sources.
114 | # When not set, chronyd's default will be used, which since version 2.0 of chrony, is 0.001 seconds.
115 | # @param log_options
116 | # Specify which information is to be logged.
117 | # @param logbanner
118 | # Specify how often the log banner is placed in the logfile.
119 | # @param logchange
120 | # Sets the threshold for the adjustment of the system clock that will generate a syslog message.
121 | # Clock errors detected via NTP packets, reference clocks, or timestamps entered via the settime
122 | # command of chronyc are logged.
123 | # @param package_ensure
124 | # This can be set to 'present' or 'latest' or a specific version to choose the
125 | # chrony package to be installed.
126 | # @param package_name
127 | # This determines the name of the package to install.
128 | # @param package_source
129 | # Source for the package when not wanting to install from a package repository. This is required if
130 | # [`package_provider`](#package_provider) is set to `rpm` or `dpkg`.
131 | # @param package_provider
132 | # Override the default package provider with a specific backend to use when installing the chrony package.
133 | # Also see [`package_source`](#package_source).
134 | # @param peers
135 | # This selects the servers to use for NTP peers (symmetric association).
136 | # It can be an array of peers or a hash of peers with their respective options.
137 | # @param servers
138 | # This selects the servers to use for NTP servers. It can be an array of servers
139 | # or a hash of servers to their respective options. If an array is used, `iburst` will be configured for each server.
140 | # If you don't want to use `iburst`, use a hash instead.
141 | # @param pools
142 | # This is used to specify one or more *pools* of NTP servers to use instead of individual NTP servers.
143 | # Similar to [`server`](#server), it can be an array of pools, (using iburst), or a hash of pools to their respective options.
144 | # See [pool](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#pool)
145 | # @param minsources
146 | # Sets the minimum number of sources that need to be considered as selectable in the source selection algorithm
147 | # before the local clock is updated.
148 | # @param minsamples
149 | # Specifies the minimum number of readings kept for tracking of the NIC clock.
150 | # @param refclocks
151 | # List of `refclock` directives to be added to the chrony configuration file.
152 | # Each element of the list should be a string which completes the `refclock` `chrony.conf` directive.
153 | #
154 | # Example:
155 | # ```puppet
156 | # refclocks => [
157 | # 'PPS /dev/pps0 lock NMEA refid GPS',
158 | # 'SHM 0 offset 0.5 delay 0.2 refid NMEA noselect',
159 | # 'PPS /dev/pps1:clear refid GPS2',
160 | # ],
161 | # ```
162 | # @param makestep_seconds
163 | # Configures the [`makestep`](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#makestep) `threshold`.
164 | # Normally chronyd will cause the system to gradually correct any time offset, by slowing down or speeding up the clock as required.
165 | # If the adjustment is larger than `makestep_seconds`, chronyd will step the clock.
166 | # Also see [`makestep_updates`](#makestep_updates).
167 | # @param makestep_updates
168 | # Configures the [`makestep`](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#makestep) `limit`.
169 | # Chronyd will step the time only if there have been no more than `makestep_updates` clock updates.
170 | # Set to a negative value to disable the limit (useful for virtual machines and laptops that may get suspended for a prolonged time).
171 | # Also see [`makestep_seconds`](#makestep_seconds).
172 | # @param queryhosts
173 | # This adds the networks, hosts that are allowed to query the daemon.
174 | # @param denyqueryhosts
175 | # Similar to queryhosts, except that it denies NTP client access to a particular subnet or host,
176 | # rather than allowing it.
177 | # @param port
178 | # Port the service should listen on. Module default is `undef` which means that port
179 | # isn't added to chrony.conf, and chrony listens to the default ntp port 123 if
180 | # `queryhosts` is used.
181 | # @param service_enable
182 | # This determines if the service should be enabled at boot.
183 | # @param service_ensure
184 | # This determines if the service should be running or not.
185 | # @param service_manage
186 | # This selects if puppet should manage the service in the first place.
187 | # @param service_name
188 | # This selects the name of the chrony service for puppet to manage.
189 | # @param wait_enable
190 | # This determines if the chrony-wait service should be enabled at boot.
191 | # @param wait_ensure
192 | # This determines if the chrony-wait service should be running or not.
193 | # @param wait_manage
194 | # This selects if puppet should manage the chrony-wait service in the first place.
195 | # @param wait_name
196 | # This selects the name of the chrony-wait service for puppet to manage.
197 | # @param smoothtime
198 | # Specify the smoothing of the time parameter as a string, for example `smoothtime 50000 0.01`.
199 | # @param mailonchange
200 | # Specify the mail you wanna alert when chronyd executes a sync grater than the `threshold`.
201 | # @param threshold
202 | # Specify the time limit for triggering events.
203 | # @param lock_all
204 | # Force chrony to only use RAM & prevent swapping.
205 | # @param sched_priority
206 | # Set the CPU thread scheduler, this value is OS specific.
207 | # @param leapsecmode
208 | # Configures how to insert the leap second mode.
209 | # @param leapsectz
210 | # Specifies a timezone that chronyd can use to determine the offset between UTC and TAI.
211 | # @param maxdistance
212 | # Sets the maximum root distance of a source to be acceptable for synchronisation of the clock.
213 | # @param maxslewrate
214 | # Maximum rate for chronyd to slew the time. Only float type values possible, for example: `maxslewrate 1000.0`.
215 | # @param ntsserverkey
216 | # This directive specifies a file containing a private key in the PEM format for chronyd to operate as an NTS server.
217 | # @param ntsservercert
218 | # This directive specifies a file containing a certificate in the PEM format for chronyd to operate as an NTS server.
219 | # @param ntsport
220 | # This directive specifies the TCP port on which chronyd will provide the NTS Key Establishment (NTS-KE) service.
221 | # @param maxntsconnections
222 | # This directive specifies the maximum number of concurrent NTS-KE connections per process that the NTS server will accept.
223 | # @param ntsprocesses
224 | # This directive specifies how many helper processes will chronyd operating as an NTS server start for handling client NTS-KE requests in order to improve
225 | # performance with multi-core CPUs and multithreading.
226 | # @param ntsdumpdir
227 | # This directive specifies a directory where chronyd operating as an NTS server can save the keys which encrypt NTS cookies provided to clients.
228 | # @param ntsntpserver
229 | # This directive specifies the hostname (as a fully qualified domain name) or address of the NTP server(s) which is provided in the NTS-KE response to the
230 | # clients.
231 | # @param ntsrotate
232 | # This directive specifies the rotation interval (in seconds) of the server key which encrypts the NTS cookies.
233 | # @param clientlog
234 | # Determines whether to log client accesses.
235 | # @param clientloglimit
236 | # When set, specifies the maximum amount of memory in bytes that chronyd is allowed to allocate for logging of client accesses.
237 | # If not set, chrony's, default will be used. In modern versions this is 524288 bytes. Older versions defaulted to have no limit.
238 | # See [clientloglimit](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#clientloglimit)
239 | # @param rtcsync
240 | # Sync system clock to RTC periodically
241 | # @param rtconutc
242 | # Keep RTC in UTC instead of local time.
243 | # If not set, chrony's, default will be used. On Arch Linux the default is true instead.
244 | # See [rtconutc](https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#rtconutc)
245 | # @param hwtimestamps
246 | # This selects interfaces to enable hardware timestamps on. It can be an array of
247 | # interfaces or a hash of interfaces to their respective options.
248 | # @param dumpdir
249 | # Directory to store measurement history in on exit.
250 | # @param maxupdateskew
251 | # Sets the threshold for determining whether an estimate might be so unreliable that it should not be used
252 | # @param acquisitionport
253 | # Sets the acquisitionport for client queries
254 | class chrony (
255 | Array[Stdlib::IP::Address] $bindaddress = [],
256 | Array[String] $bindcmdaddress = ['127.0.0.1', '::1'],
257 | Optional[String] $initstepslew = undef,
258 | Array[String] $cmdacl = [],
259 | Optional[Stdlib::Port] $cmdport = undef,
260 | NotUndef $commandkey = 0,
261 | Stdlib::Unixpath $config = '/etc/chrony/chrony.conf',
262 | Optional[Stdlib::Absolutepath] $confdir = undef,
263 | Optional[Stdlib::Absolutepath] $sourcedir = undef,
264 | String[1] $config_template = 'chrony/chrony.conf.epp',
265 | Variant[Stdlib::Unixpath,String[0,0]] $config_keys = '/etc/chrony/chrony.keys',
266 | String[1] $config_keys_template = 'chrony/chrony.keys.epp',
267 | Variant[Sensitive[String[1]], String[1]] $chrony_password = 'xyzzy',
268 | Variant[Integer[0],String[1]] $config_keys_owner = 0,
269 | Variant[Integer[0],String[1]] $config_keys_group = 0,
270 | Stdlib::Filemode $config_keys_mode = '0640',
271 | Boolean $config_keys_manage = true,
272 | Array[String[1]] $keys = [],
273 | Stdlib::Unixpath $driftfile = '/var/lib/chrony/drift',
274 | Variant[Boolean[false],Integer[1,15]] $local_stratum = 10,
275 | Boolean $local_orphan = false,
276 | Float $logchange = 0.5,
277 | Optional[String[1]] $log_options = undef,
278 | Optional[Integer[0]] $logbanner = undef,
279 | String[1] $package_ensure = 'present',
280 | String[1] $package_name = 'chrony',
281 | Optional[String] $package_source = undef,
282 | Optional[String] $package_provider = undef,
283 | Array $refclocks = [],
284 | Chrony::Servers $peers = [],
285 | Chrony::Servers $servers = {
286 | '0.pool.ntp.org' => ['iburst'],
287 | '1.pool.ntp.org' => ['iburst'],
288 | '2.pool.ntp.org' => ['iburst'],
289 | '3.pool.ntp.org' => ['iburst'],
290 | },
291 | Chrony::Servers $pools = {},
292 | Optional[Integer[1]] $minsources = undef,
293 | Optional[Integer[1]] $minsamples = undef,
294 | Numeric $makestep_seconds = 10,
295 | Integer $makestep_updates = 3,
296 | Array[String[0]] $queryhosts = [],
297 | Array[String[0]] $denyqueryhosts = [],
298 | Optional[String[1]] $mailonchange = undef,
299 | Float $threshold = 0.5,
300 | Boolean $lock_all = false,
301 | Optional[Integer[0,100]] $sched_priority = undef,
302 | Optional[Stdlib::Port] $port = undef,
303 | Boolean $clientlog = false,
304 | Optional[Integer] $clientloglimit = undef,
305 | Boolean $service_enable = true,
306 | Stdlib::Ensure::Service $service_ensure = 'running',
307 | Boolean $service_manage = true,
308 | String[1] $service_name = 'chronyd',
309 | Boolean $wait_enable = false,
310 | Stdlib::Ensure::Service $wait_ensure = 'stopped',
311 | Boolean $wait_manage = false,
312 | String[1] $wait_name = 'chrony-wait.service',
313 | Optional[String] $smoothtime = undef,
314 | Optional[Enum['system', 'step', 'slew', 'ignore']] $leapsecmode = undef,
315 | Optional[String] $leapsectz = undef,
316 | Optional[Float] $maxdistance = undef,
317 | Optional[Float] $maxslewrate = undef,
318 | Optional[Float] $maxupdateskew = undef,
319 | Optional[Numeric] $stratumweight = undef,
320 | Boolean $rtcsync = true,
321 | Boolean $rtconutc = false,
322 | Variant[Hash,Array[String]] $hwtimestamps = [],
323 | Optional[Stdlib::Unixpath] $dumpdir = undef,
324 | Optional[Stdlib::Unixpath] $ntpsigndsocket = undef,
325 | Optional[Stdlib::Absolutepath] $ntsserverkey = undef,
326 | Optional[Stdlib::Absolutepath] $ntsservercert = undef,
327 | Optional[Stdlib::Port] $ntsport = undef,
328 | Optional[Integer[0]] $maxntsconnections = undef,
329 | Optional[Integer[0]] $ntsprocesses = undef,
330 | Optional[Stdlib::Absolutepath] $ntsdumpdir = undef,
331 | Optional[String] $ntsntpserver = undef,
332 | Optional[Integer[0]] $ntsrotate = undef,
333 | Optional[Integer[1,65535]] $acquisitionport = undef,
334 | ) {
335 | if ! $config_keys_manage and $chrony_password != 'unset' {
336 | fail("Setting \$config_keys_manage false and \$chrony_password at same time in ${module_name} is not possible.")
337 | }
338 |
339 | contain 'chrony::install'
340 | contain 'chrony::config'
341 | contain 'chrony::service'
342 |
343 | Class['chrony::install']
344 | -> Class['chrony::config']
345 | ~> Class['chrony::service']
346 | }
347 |
--------------------------------------------------------------------------------
/manifests/install.pp:
--------------------------------------------------------------------------------
1 | # @summary Installs chrony
2 | #
3 | # @api private
4 | class chrony::install {
5 | assert_private()
6 |
7 | package { 'chrony':
8 | ensure => $chrony::package_ensure,
9 | name => $chrony::package_name,
10 | source => $chrony::package_source,
11 | provider => $chrony::package_provider,
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/manifests/service.pp:
--------------------------------------------------------------------------------
1 | # @summary Manages the chrony service
2 | #
3 | # @api private
4 | class chrony::service {
5 | assert_private()
6 |
7 | if $chrony::service_manage {
8 | service { $chrony::service_name:
9 | ensure => $chrony::service_ensure,
10 | enable => $chrony::service_enable,
11 | }
12 | }
13 |
14 | if $chrony::wait_manage {
15 | service { $chrony::wait_name:
16 | ensure => $chrony::wait_ensure,
17 | enable => $chrony::wait_enable,
18 | }
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/metadata.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "puppet-chrony",
3 | "version": "4.0.1-rc0",
4 | "author": "Vox Pupuli",
5 | "summary": "Manage chrony daemon on Linux",
6 | "license": "Apache-2.0",
7 | "source": "https://github.com/voxpupuli/puppet-chrony.git",
8 | "project_page": "https://github.com/voxpupuli/puppet-chrony",
9 | "issues_url": "https://github.com/voxpupuli/puppet-chrony/issues",
10 | "dependencies": [
11 | {
12 | "name": "puppetlabs/stdlib",
13 | "version_requirement": ">= 4.25.1 < 10.0.0"
14 | }
15 | ],
16 | "operatingsystem_support": [
17 | {
18 | "operatingsystem": "RedHat",
19 | "operatingsystemrelease": [
20 | "8",
21 | "9"
22 | ]
23 | },
24 | {
25 | "operatingsystem": "CentOS",
26 | "operatingsystemrelease": [
27 | "9"
28 | ]
29 | },
30 | {
31 | "operatingsystem": "AlmaLinux",
32 | "operatingsystemrelease": [
33 | "8",
34 | "9"
35 | ]
36 | },
37 | {
38 | "operatingsystem": "Rocky",
39 | "operatingsystemrelease": [
40 | "8",
41 | "9"
42 | ]
43 | },
44 | {
45 | "operatingsystem": "OracleLinux",
46 | "operatingsystemrelease": [
47 | "8",
48 | "9"
49 | ]
50 | },
51 | {
52 | "operatingsystem": "Debian",
53 | "operatingsystemrelease": [
54 | "11",
55 | "12"
56 | ]
57 | },
58 | {
59 | "operatingsystem": "Ubuntu",
60 | "operatingsystemrelease": [
61 | "22.04",
62 | "24.04"
63 | ]
64 | },
65 | {
66 | "operatingsystem": "SLES"
67 | },
68 | {
69 | "operatingsystem": "Archlinux"
70 | },
71 | {
72 | "operatingsystem": "Gentoo"
73 | }
74 | ],
75 | "requirements": [
76 | {
77 | "name": "puppet",
78 | "version_requirement": ">= 7.0.0 < 9.0.0"
79 | },
80 | {
81 | "name": "openvox",
82 | "version_requirement": ">= 7.0.0 < 9.0.0"
83 | }
84 | ]
85 | }
86 |
--------------------------------------------------------------------------------
/spec/acceptance/class_spec.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | require 'spec_helper_acceptance'
4 | # rubocop:disable RSpec/RepeatedExampleGroupBody
5 | describe 'chrony class:' do
6 | it 'works idempotently with no errors' do
7 | pp = <<-EOS
8 | class { 'chrony': }
9 | EOS
10 |
11 | # Run it twice and test for idempotency
12 | apply_manifest(pp, catch_failures: true)
13 | apply_manifest(pp, catch_changes: true)
14 | end
15 |
16 | describe package('chrony') do
17 | it { is_expected.to be_installed }
18 | end
19 |
20 | if %w[RedHat Archlinux].include?(fact('os.family'))
21 | describe service('chronyd') do
22 | it { is_expected.to be_enabled }
23 | it { is_expected.to be_running }
24 | end
25 |
26 | describe service('chrony-wait.service') do
27 | it { is_expected.not_to be_enabled }
28 | it { is_expected.not_to be_running }
29 | end
30 | else
31 | describe service('chrony') do
32 | it { is_expected.to be_enabled }
33 | it { is_expected.to be_running }
34 | end
35 |
36 | describe service('chrony-wait.service') do
37 | it { is_expected.not_to be_running }
38 | end
39 |
40 | end
41 |
42 | describe 'with chrony-wait service enabled' do
43 | it 'works idempotently with no errors' do
44 | pp = <<-EOS
45 | class { 'chrony':
46 | wait_ensure => 'running',
47 | wait_enable => true,
48 | }
49 | EOS
50 |
51 | # Run it twice and test for idempotency
52 | apply_manifest(pp, catch_failures: true)
53 | apply_manifest(pp, catch_changes: true)
54 | end
55 |
56 | if %w[RedHat Archlinux].include?(fact('os.family'))
57 | describe service('chronyd') do
58 | it { is_expected.to be_enabled }
59 | it { is_expected.to be_running }
60 | end
61 |
62 | describe service('chrony-wait.service') do
63 | it { is_expected.to be_enabled }
64 | it { is_expected.to be_running }
65 | end
66 | else
67 | describe service('chrony') do
68 | it { is_expected.to be_enabled }
69 | it { is_expected.to be_running }
70 | end
71 |
72 | describe service('chrony-wait.service') do
73 | it { is_expected.not_to be_running }
74 | end
75 | end
76 | end
77 | end
78 | # rubocop:enable RSpec/RepeatedExampleGroupBody
79 |
--------------------------------------------------------------------------------
/spec/classes/chrony_spec.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | require 'spec_helper'
4 |
5 | describe 'chrony' do
6 | on_supported_os.each do |os, facts|
7 | context "on #{os}" do
8 | let(:facts) do
9 | facts
10 | end
11 | let(:config_file) do
12 | case facts[:os]['family']
13 | when 'Archlinux', 'RedHat', 'Suse'
14 | '/etc/chrony.conf'
15 | else
16 | '/etc/chrony/chrony.conf'
17 | end
18 | end
19 | let(:keys_file) do
20 | case facts[:os]['family']
21 | when 'Archlinux', 'RedHat', 'Suse'
22 | '/etc/chrony.keys'
23 | else
24 | '/etc/chrony/chrony.keys'
25 | end
26 | end
27 | let(:config_file_contents) do
28 | catalogue.resource('file', config_file).send(:parameters)[:content]
29 | end
30 |
31 | context 'with defaults' do
32 | it { is_expected.to compile.with_all_deps }
33 | it { is_expected.to contain_class('chrony') }
34 | it { is_expected.to contain_class('chrony::install').that_comes_before('Class[chrony::config]') }
35 | it { is_expected.to contain_class('chrony::config').that_notifies('Class[chrony::service]') }
36 | it { is_expected.to contain_class('chrony::service') }
37 | end
38 |
39 | context 'chrony::package' do
40 | context 'using defaults' do
41 | it { is_expected.to contain_package('chrony').with_ensure('present') }
42 | end
43 | end
44 |
45 | context 'chrony::config' do
46 | case facts[:os]['family']
47 | when 'Archlinux'
48 | context 'using defaults' do
49 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*cmdallow 127\.0\.0\.1$}) }
50 |
51 | ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org'].each do |s|
52 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*server #{s} iburst$}) }
53 | end
54 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*rtconutc$}) }
55 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*driftfile /var/lib/chrony/drift$}) }
56 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*rtcsync$}) }
57 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*dumpdir /var/lib/chrony$}) }
58 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*ntpsigndsocket}) }
59 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*\n\s*$}) }
60 | it { is_expected.to contain_file(keys_file).with_mode('0644') }
61 | it { is_expected.to contain_file(keys_file).with_owner('0') }
62 | it { is_expected.to contain_file(keys_file).with_group('0') }
63 | it { is_expected.to contain_file(keys_file).with_replace(true) }
64 | it { is_expected.to contain_file(keys_file).with_content(sensitive("0 xyzzy\n")) }
65 | end
66 | when 'Gentoo'
67 | context 'using defaults' do
68 | it do
69 | is_expected.to contain_file(config_file).
70 | without_content(%r{^\s*cmdallow}).
71 | with_content(%r{^\s*server 0.pool.ntp.org iburst$}).
72 | with_content(%r{^\s*server 1.pool.ntp.org iburst$}).
73 | with_content(%r{^\s*server 2.pool.ntp.org iburst$}).
74 | with_content(%r{^\s*server 3.pool.ntp.org iburst$}).
75 | with_content(%r{^\s*rtconutc$}).
76 | with_content(%r{^\s*driftfile /var/lib/chrony/drift$}).
77 | with_content(%r{^\s*rtcsync$}).
78 | without_content(%r{^\s*dumpdir}).
79 | without_content(%r{^\s*ntpsigndsocket}).
80 | without_content(%r{^\s*\n\s*$})
81 | end
82 |
83 | it do
84 | is_expected.to contain_file(keys_file).
85 | with_mode('0644').
86 | with_owner('0').
87 | with_group('0').
88 | with_replace(true).
89 | with_content(sensitive("0 xyzzy\n"))
90 | end
91 | end
92 | when 'RedHat'
93 | context 'using defaults' do
94 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*bindcmdaddress ::1$}) }
95 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*bindcmdaddress 127\.0\.0\.1$}) }
96 | it { is_expected.not_to contain_file(config_file).with_content(%r{^\s*cmdallow.*$}) }
97 |
98 | ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org'].each do |s|
99 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*server #{s} iburst$}) }
100 | end
101 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*driftfile /var/lib/chrony/drift$}) }
102 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*rtcsync$}) }
103 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*dumpdir}) }
104 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*ntpsigndsocket}) }
105 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*\n\s*$}) }
106 | it { is_expected.to contain_file(keys_file).with_mode('0640') }
107 | it { is_expected.to contain_file(keys_file).with_owner('0') }
108 | it { is_expected.to contain_file(keys_file).with_group('chrony') }
109 | it { is_expected.to contain_file(keys_file).with_replace(true) }
110 | it { is_expected.to contain_file(keys_file).with_content(sensitive("0 xyzzy\n")) }
111 | end
112 | when 'Debian'
113 | context 'using defaults' do
114 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*bindcmdaddress ::1$}) }
115 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*bindcmdaddress 127\.0\.0\.1$}) }
116 | it { is_expected.not_to contain_file(config_file).with_content(%r{^\s*cmdallow.*$}) }
117 |
118 | ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org'].each do |s|
119 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*server #{s} iburst$}) }
120 | end
121 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*driftfile /var/lib/chrony/chrony.drift$}) }
122 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*rtcsync$}) }
123 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*leapsectz right/UTC$}) }
124 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*makestep 1 3$}) }
125 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*maxupdateskew 100.0$}) }
126 |
127 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntsdumpdir /var/lib/chrony$}) } unless facts[:os]['distro']['codename'] == 'focal'
128 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*dumpdir}) }
129 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*ntpsigndsocket}) }
130 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*\n\s*$}) }
131 | it { is_expected.to contain_file(keys_file).with_mode('0640') }
132 | it { is_expected.to contain_file(keys_file).with_owner('0') }
133 | it { is_expected.to contain_file(keys_file).with_group('0') }
134 | it { is_expected.to contain_file(keys_file).with_replace(true) }
135 | it { is_expected.to contain_file(keys_file).with_content(sensitive("0 xyzzy\n")) }
136 | end
137 | end
138 | it { is_expected.to contain_file(config_file).with_content(%r{keyfile .*chrony.keys}) }
139 | end
140 |
141 | context 'with empty config_keys' do
142 | let :params do
143 | {
144 | config_keys: ''
145 | }
146 | end
147 |
148 | it { is_expected.to compile.with_all_deps }
149 | it { is_expected.to contain_file(config_file).without_content(%r{keyfile .*chrony.keys}) }
150 | it { is_expected.not_to contain_file(keys_file) }
151 | end
152 |
153 | context 'with some params passed in' do
154 | let(:params) do
155 | {
156 | queryhosts: ['192.168/16'],
157 | denyqueryhosts: ['10.0/16'],
158 | port: 123,
159 | cmdport: 257,
160 | config_keys_mode: '0123',
161 | config_keys_owner: 'steve',
162 | config_keys_group: 'mrt',
163 | config_keys_manage: true,
164 | confdir: '/tmp/chroconf',
165 | sourcedir: '/tmp/chrosources',
166 | chrony_password: sensitive('sunny'),
167 | bindaddress: ['10.0.0.1', '::1'],
168 | bindcmdaddress: ['10.0.0.1'],
169 | initstepslew: '600',
170 | cmdacl: ['cmdallow 1.2.3.4', 'cmddeny 1.2.3', 'cmdallow all 1.2'],
171 | leapsecmode: 'slew',
172 | leapsectz: 'right/UTC',
173 | log_options: 'statistics refclocks',
174 | logbanner: 40,
175 | logchange: 4.0,
176 | maxdistance: 16.0,
177 | maxslewrate: 1000.0,
178 | maxupdateskew: 1000.0,
179 | smoothtime: '400 0.001 leaponly',
180 | rtconutc: true,
181 | hwtimestamps: ['eth0'],
182 | driftfile: '/var/tmp/chrony.drift',
183 | rtcsync: false,
184 | sched_priority: 1,
185 | dumpdir: '/var/tmp',
186 | ntpsigndsocket: '/var/lib/samba/ntp_signd/socket',
187 | ntsserverkey: '/tmp/cert.key',
188 | ntsservercert: '/tmp/cert.pem',
189 | ntsport: 12,
190 | maxntsconnections: 32,
191 | minsources: 22,
192 | minsamples: 33,
193 | acquisitionport: 321,
194 | ntsprocesses: 5,
195 | ntsdumpdir: '/tmp/ntsdump',
196 | ntsntpserver: 'foo.bar',
197 | ntsrotate: 8
198 | }
199 | end
200 |
201 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*leapsecmode slew$}) }
202 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*leapsectz right/UTC$}) }
203 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*maxdistance 16\.0$}) }
204 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*maxslewrate 1000\.0$}) }
205 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*maxupdateskew 1000\.0$}) }
206 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*smoothtime 400 0\.001 leaponly$}) }
207 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*port 123$}) }
208 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*cmdport 257$}) }
209 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*acquisitionport 321$}) }
210 | it { is_expected.to contain_file(config_file).with_content(%r{^s*allow 192\.168/16$}) }
211 | it { is_expected.to contain_file(config_file).with_content(%r{^s*deny 10\.0/16$}) }
212 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*bindaddress 10\.0\.0\.1$}) }
213 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*bindaddress ::1$}) }
214 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*initstepslew 600$}) }
215 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*bindcmdaddress 10\.0\.0\.1$}) }
216 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*cmdallow 1\.2\.3\.4$}) }
217 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*cmddeny 1\.2\.3$}) }
218 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*cmdallow all 1\.2$}) }
219 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*rtconutc$}) }
220 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*hwtimestamp eth0$}) }
221 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*driftfile /var/tmp/chrony.drift$}) }
222 | it { is_expected.to contain_file(config_file).without_content(%r{^\s*rtcsync$}) }
223 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*dumpdir /var/tmp$}) }
224 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntpsigndsocket /var/lib/samba/ntp_signd/socket$}) }
225 | it { is_expected.to contain_file(keys_file).with_mode('0123') }
226 | it { is_expected.to contain_file(keys_file).with_owner('steve') }
227 | it { is_expected.to contain_file(keys_file).with_group('mrt') }
228 | it { is_expected.to contain_file(keys_file).with_replace(true) }
229 | it { is_expected.to contain_file(keys_file).with_content(sensitive("0 sunny\n")) }
230 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntsserverkey /tmp/cert.key$}) }
231 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntsservercert /tmp/cert.pem$}) }
232 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntsport 12$}) }
233 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*maxntsconnections 32$}) }
234 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntsprocesses 5$}) }
235 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntsdumpdir /tmp/ntsdump$}) }
236 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntsntpserver foo.bar$}) }
237 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*ntsrotate 8$}) }
238 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*confdir /tmp/chroconf$}) }
239 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*sourcedir /tmp/chrosources$}) }
240 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*log statistics refclocks$}) }
241 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*logbanner 40$}) }
242 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*logchange 4\.0$}) }
243 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*sched_priority 1$}) }
244 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*minsources 22$}) }
245 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*minsamples 33$}) }
246 | end
247 |
248 | describe 'stratumweight' do
249 | context 'by default' do
250 | it { is_expected.not_to contain_file(config_file).with_content(%r{stratumweight}) }
251 | end
252 |
253 | context 'when set' do
254 | let(:params) do
255 | {
256 | stratumweight: 0
257 | }
258 | end
259 |
260 | it { is_expected.to contain_file(config_file).with_content(%r{^stratumweight 0$}) }
261 | end
262 | end
263 |
264 | describe 'servers' do
265 | context 'by default' do
266 | it do
267 | expected_lines = [
268 | 'server 0.pool.ntp.org iburst',
269 | 'server 1.pool.ntp.org iburst',
270 | 'server 2.pool.ntp.org iburst',
271 | 'server 3.pool.ntp.org iburst'
272 | ]
273 | expect(config_file_contents.split("\n") & expected_lines).to eq(expected_lines)
274 | end
275 | end
276 |
277 | context 'when servers is an array' do
278 | let(:params) do
279 | {
280 | servers: ['ntp1.corp.com', 'ntp2.corp.com'],
281 | }
282 | end
283 |
284 | it do
285 | expected_lines = [
286 | 'server ntp1.corp.com iburst',
287 | 'server ntp2.corp.com iburst',
288 | ]
289 | expect(config_file_contents.split("\n") & expected_lines).to eq(expected_lines)
290 | end
291 | end
292 |
293 | context 'when servers is an (unsorted) hash' do
294 | let(:params) do
295 | {
296 | servers: {
297 | 'ntp3.corp.com' => [],
298 | 'ntp1.corp.com' => ['key 25', 'iburst'],
299 | 'ntp4.corp.com' => :undef,
300 | 'ntp2.corp.com' => ['key 25', 'iburst'],
301 | }
302 | }
303 | end
304 |
305 | it do
306 | expected_lines = [
307 | 'server ntp1.corp.com key 25 iburst',
308 | 'server ntp2.corp.com key 25 iburst',
309 | 'server ntp3.corp.com',
310 | 'server ntp4.corp.com',
311 | ]
312 | expect(config_file_contents.split("\n") & expected_lines).to eq(expected_lines)
313 | end
314 | end
315 | end
316 |
317 | describe 'pools' do
318 | context 'by default' do
319 | it { expect(config_file_contents).not_to match(%r{^pool}) }
320 | end
321 |
322 | context 'when pools is an array' do
323 | let(:params) do
324 | {
325 | pools: ['0.pool.ntp.org', '1.pool.ntp.org']
326 | }
327 | end
328 |
329 | it do
330 | expected_lines = [
331 | 'server 0.pool.ntp.org iburst',
332 | 'server 1.pool.ntp.org iburst',
333 | ]
334 | expect(config_file_contents.split("\n") & expected_lines).to eq(expected_lines)
335 | end
336 | end
337 |
338 | context 'when pools is a hash' do
339 | let(:params) do
340 | {
341 | pools: {
342 | '3.pool.ntp.org' => [],
343 | '0.pool.ntp.org' => ['maxsources 4'],
344 | '1.pool.ntp.org' => ['maxsources 4'],
345 | '2.pool.ntp.org' => ['maxsources 4'],
346 | }
347 | }
348 | end
349 |
350 | it do
351 | expected_lines = [
352 | 'pool 0.pool.ntp.org maxsources 4',
353 | 'pool 1.pool.ntp.org maxsources 4',
354 | 'pool 2.pool.ntp.org maxsources 4',
355 | 'pool 3.pool.ntp.org',
356 | ]
357 | expect(config_file_contents.split("\n") & expected_lines).to eq(expected_lines)
358 | end
359 | end
360 | end
361 |
362 | describe 'peers' do
363 | context 'by default' do
364 | it { expect(config_file_contents).not_to match(%r{^peer}) }
365 | end
366 |
367 | context 'when peers is an array' do
368 | let(:params) do
369 | {
370 | peers: ['peer1.example.com', 'peer2.example.com']
371 | }
372 | end
373 |
374 | it do
375 | expected_lines = [
376 | 'peer peer1.example.com',
377 | 'peer peer2.example.com',
378 | ]
379 | expect(config_file_contents.split("\n") & expected_lines).to eq(expected_lines)
380 | end
381 | end
382 |
383 | context 'when peers is a hash' do
384 | let(:params) do
385 | {
386 | peers: {
387 | 'peer1.example.com' => [],
388 | 'peer2.example.com' => ['maxpoll 6'],
389 | 'peer3.example.com' => :undef,
390 | }
391 | }
392 | end
393 |
394 | it do
395 | expected_lines = [
396 | 'peer peer1.example.com',
397 | 'peer peer2.example.com maxpoll 6',
398 | 'peer peer3.example.com',
399 | ]
400 | expect(config_file_contents.split("\n") & expected_lines).to eq(expected_lines)
401 | end
402 | end
403 | end
404 |
405 | context 'empty allow and deny' do
406 | let(:params) do
407 | {
408 | queryhosts: [''],
409 | denyqueryhosts: [''],
410 | }
411 | end
412 |
413 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*allow\s*$}) }
414 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*deny\s*$}) }
415 | end
416 |
417 | context 'unmanaged chrony.keys file' do
418 | let(:params) do
419 | {
420 | config_keys_manage: false,
421 | chrony_password: 'unset'
422 | }
423 | end
424 |
425 | it { is_expected.to contain_file(keys_file).with_replace(false) }
426 | it { is_expected.to contain_file(keys_file).with_content(sensitive('')) }
427 | end
428 |
429 | context 'hwtimestamps as hash' do
430 | let(:params) do
431 | {
432 | hwtimestamps: { 'eth0' => ['minpoll 1', 'maxpoll 7'] }
433 | }
434 | end
435 |
436 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*hwtimestamp eth0 minpoll 1 maxpoll 7$}) }
437 | end
438 |
439 | context 'unmanaged chrony.keys file and password' do
440 | let(:params) do
441 | {
442 | config_keys_manage: false
443 | }
444 | end
445 |
446 | it { is_expected.to raise_error(%r{Setting \$config_keys_manage false and \$chrony_password at same time in chrony is not possible}) }
447 | end
448 |
449 | context 'chrony::service' do
450 | let(:params) do
451 | {
452 | service_ensure: 'running',
453 | service_enable: true,
454 | service_manage: true
455 | }
456 | end
457 |
458 | case facts[:os]['family']
459 | when 'RedHat', 'Suse', 'Archlinux'
460 | context 'using defaults' do
461 | it do
462 | is_expected.to contain_service('chrony-wait.service').with(
463 | ensure: 'stopped',
464 | enable: false
465 | )
466 | end
467 | end
468 | else
469 | context 'using defaults' do
470 | it do
471 | is_expected.not_to contain_service('chrony-wait.service')
472 | end
473 | end
474 | end
475 |
476 | context 'using defaults' do
477 | it do
478 | is_expected.to contain_service('chronyd').with(
479 | ensure: 'running',
480 | enable: true
481 | )
482 | end
483 | end
484 | end
485 |
486 | context 'with wait_manage false' do
487 | let(:params) do
488 | { wait_manage: false }
489 | end
490 |
491 | it do
492 | is_expected.not_to contain_service('chrony-wait.service')
493 | end
494 | end
495 |
496 | context 'with wait_enable true' do
497 | let(:params) do
498 | { wait_enable: true }
499 | end
500 |
501 | case facts[:os]['family']
502 | when 'RedHat', 'Suse', 'Archlinux'
503 | it do
504 | is_expected.to contain_service('chrony-wait.service').with(
505 | ensure: 'stopped',
506 | enable: true
507 | )
508 | end
509 | else
510 | it do
511 | is_expected.not_to contain_service('chrony-wait.service')
512 | end
513 | end
514 | end
515 |
516 | context 'with wait_ensure running' do
517 | let(:params) do
518 | { wait_ensure: 'running' }
519 | end
520 |
521 | case facts[:os]['family']
522 | when 'RedHat', 'Suse', 'Archlinux'
523 | it do
524 | is_expected.to contain_service('chrony-wait.service').with(
525 | ensure: 'running',
526 | enable: false
527 | )
528 | end
529 | else
530 | it do
531 | is_expected.not_to contain_service('chrony-wait.service')
532 | end
533 | end
534 | end
535 |
536 | context 'disable local_stratum' do
537 | let(:params) do
538 | {
539 | local_stratum: false
540 | }
541 | end
542 |
543 | it { is_expected.not_to contain_file(config_file).with_content(%r{^\s*local stratum}) }
544 | end
545 |
546 | context 'local orphan default' do
547 | let(:params) do
548 | {
549 | local_stratum: 10
550 | }
551 | end
552 |
553 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*local stratum 10$\s*$}) }
554 | end
555 |
556 | context 'local orphan enabled' do
557 | let(:params) do
558 | {
559 | local_stratum: 10,
560 | local_orphan: true
561 | }
562 | end
563 |
564 | it { is_expected.to contain_file(config_file).with_content(%r{^\s*local stratum 10 orphan$\s*$}) }
565 | end
566 |
567 | context 'with sub-millisecond value for logchange' do
568 | let(:params) do
569 | {
570 | logchange: 0.0001
571 | }
572 | end
573 |
574 | it { expect(config_file_contents.split("\n")).to include('logchange 0.0001') }
575 | end
576 | end
577 | end
578 | end
579 |
--------------------------------------------------------------------------------
/spec/setup_acceptance_node.pp:
--------------------------------------------------------------------------------
1 | if fact('os.family') == 'redhat' {
2 | file { '/var/run/chrony':
3 | ensure => directory,
4 | }
5 | }
6 |
--------------------------------------------------------------------------------
/spec/spec_helper.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | # Managed by modulesync - DO NOT EDIT
4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
5 |
6 | # puppetlabs_spec_helper will set up coverage if the env variable is set.
7 | # We want to do this if lib exists and it hasn't been explicitly set.
8 | ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__))
9 |
10 | require 'voxpupuli/test/spec_helper'
11 |
12 | RSpec.configure do |c|
13 | c.facterdb_string_keys = false
14 | c.mock_with :rspec
15 | end
16 |
17 | add_mocked_facts!
18 |
19 | if File.exist?(File.join(__dir__, 'default_module_facts.yml'))
20 | facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml')))
21 | facts&.each do |name, value|
22 | add_custom_fact name.to_sym, value
23 | end
24 | end
25 | Dir['./spec/support/spec/**/*.rb'].sort.each { |f| require f }
26 |
--------------------------------------------------------------------------------
/spec/spec_helper_acceptance.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | # Managed by modulesync - DO NOT EDIT
4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
5 |
6 | require 'voxpupuli/acceptance/spec_helper_acceptance'
7 |
8 | configure_beaker(modules: :metadata)
9 |
10 | Dir['./spec/support/acceptance/**/*.rb'].sort.each { |f| require f }
11 |
--------------------------------------------------------------------------------
/spec/type_aliases/servers_spec.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | require 'spec_helper'
4 |
5 | describe 'Chrony::Servers' do
6 | [
7 | ['ntp1.example.com', 'ntp2.example.com'],
8 | {
9 | 'ntp1.example.com' => [],
10 | 'ntp2.example.com' => ['maxpoll 6'],
11 | },
12 | {},
13 | [],
14 | {
15 | 'ntp1.example.com' => :undef
16 | }
17 | ].each do |value|
18 | describe value.inspect do
19 | it { is_expected.to allow_value(value) }
20 | end
21 | end
22 | end
23 |
--------------------------------------------------------------------------------
/templates/chrony.conf.epp:
--------------------------------------------------------------------------------
1 | # This file is being maintained by Puppet. Do not edit.
2 |
3 | # NTP servers
4 | <% $servers.keys.sort.each |$server| { -%>
5 | <% if $servers[$server].empty { -%>
6 | server <%= $server %>
7 | <% } else { -%>
8 | server <%= $server %> <%= $servers[$server].join(' ') %>
9 | <% } -%>
10 | <% } -%>
11 | <% $pools.keys.sort.each |$pool| { -%>
12 | <% if $pools[$pool].empty { -%>
13 | pool <%= $pool %>
14 | <% } else { -%>
15 | pool <%= $pool %> <%= $pools[$pool].join(' ') %>
16 | <% } -%>
17 | <% } -%>
18 | <% $peers.keys.sort.each |$peer| { -%>
19 | <% if $peers[$peer].empty { -%>
20 | peer <%= $peer %>
21 | <% } else { -%>
22 | peer <%= $peer %> <%= $peers[$peer].join(' ') %>
23 | <% } -%>
24 | <% } -%>
25 | <% if $chrony::sourcedir { -%>
26 |
27 | # The sourcedir directive is identical to the confdir directive, except the configuration files have the .sources suffix, they can only specify NTP sources.
28 | sourcedir <%= $chrony::sourcedir %>
29 | <% } -%>
30 | <% if $chrony::confdir { -%>
31 |
32 | # The confdir directive includes configuration files with the .conf suffix from a directory.
33 | confdir <%= $chrony::confdir %>
34 | <% } -%>
35 | <% if $chrony::stratumweight { -%>
36 |
37 | # How much distance should be added per stratum to the synchronisation distance when
38 | # chronyd selects the synchronisation source from available sources.
39 | stratumweight <%= $chrony::stratumweight %>
40 | <% } -%>
41 |
42 | # Record the rate at which the system clock gains/losses time.
43 | driftfile <%= $chrony::driftfile %>
44 | <% if $chrony::rtcsync { -%>
45 |
46 | # Enable kernel RTC synchronization.
47 | rtcsync
48 | <% } -%>
49 | <% if $chrony::makestep_seconds and $chrony::makestep_updates { -%>
50 |
51 | # In first <%= $chrony::makestep_updates %> updates step the system clock instead of slew
52 | # if the adjustment is larger than <%= $chrony::makestep_seconds %> seconds.
53 | makestep <%= $chrony::makestep_seconds %> <%= $chrony::makestep_updates %>
54 | <% } -%>
55 | <% unless $chrony::denyqueryhosts.empty { -%>
56 |
57 | # Deny client access.
58 | <% $chrony::denyqueryhosts.each |$denied| { -%>
59 | deny <%= $denied %>
60 | <% } -%>
61 | <% } -%>
62 | <% unless $chrony::queryhosts.empty { -%>
63 |
64 | # Allow client access.
65 | <% $chrony::queryhosts.each |$allowed| { -%>
66 | allow <%= $allowed %>
67 | <% } -%>
68 | <% } -%>
69 | <% if $chrony::cmdport { -%>
70 | cmdport <%= $chrony::cmdport %>
71 | <% } -%>
72 | <% unless $chrony::bindcmdaddress.empty { -%>
73 |
74 | <% $chrony::bindcmdaddress.each |$addr| { -%>
75 | bindcmdaddress <%= $addr %>
76 | <% } -%>
77 | <% } -%>
78 | <% $chrony::cmdacl.each |$acl| { -%>
79 | <%= $acl %>
80 | <% } -%>
81 | <% unless $chrony::bindaddress.empty { -%>
82 |
83 | # Bind to a specific address
84 | <% $chrony::bindaddress.each |$addr| { -%>
85 | bindaddress <%= $addr %>
86 | <% } -%>
87 | <% } -%>
88 | <% unless $chrony::acquisitionport.empty { -%>
89 | acquisitionport <%= $chrony::acquisitionport %>
90 | <% } -%>
91 | <% if $chrony::initstepslew { -%>
92 |
93 | # Allow chronyd to make a rapid measurement of the system clock error at boot time,
94 | # and to correct the system clock by stepping before normal operation begins.
95 | initstepslew <%= $chrony::initstepslew %>
96 | <% } -%>
97 | <% if $chrony::port { -%>
98 |
99 | # http://chrony.tuxfamily.org/manual.html#port-directive
100 | port <%= $chrony::port %>
101 | <% } -%>
102 | <% if $chrony::local_stratum { -%>
103 |
104 | # Serve time even if not synchronized to any NTP server.
105 | local stratum <%= $chrony::local_stratum %><%= if $chrony::local_orphan {' orphan'} else {''} %>
106 | <% } -%>
107 | <% if $chrony::minsamples { -%>
108 |
109 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#minsamples
110 | minsamples <%= $chrony::minsamples %>
111 | <% } -%>
112 | <% if $chrony::minsources { -%>
113 |
114 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#minsources
115 | minsources <%= $chrony::minsources %>
116 | <% } -%>
117 | <% unless empty($chrony::config_keys) { -%>
118 |
119 | keyfile <%= $chrony::config_keys %>
120 | <% } -%>
121 | <% if $chrony::dumpdir { -%>
122 |
123 | # Save the measurement history for the servers to files on exit.
124 | dumponexit
125 | dumpdir <%= $chrony::dumpdir %>
126 | <% } -%>
127 | <% if $chrony::ntpsigndsocket { -%>
128 | ntpsigndsocket <%= $chrony::ntpsigndsocket %>
129 | <% } -%>
130 | <% unless $chrony::clientlog { -%>
131 |
132 | # Disable logging of client accesses.
133 | noclientlog
134 | <% } -%>
135 | <% if $chrony::clientloglimit { -%>
136 |
137 | # The clientlog size is limited to 512KB by default. If you have many
138 | # clients, especially in many different subnets, you might want to
139 | # increase the limit.
140 | clientloglimit <%= $chrony::clientloglimit %>
141 | <% } -%>
142 |
143 | # Send a message to syslog if a clock adjustment is larger than the specified threshold
144 | logchange <%= $chrony::logchange %>
145 | <% if $chrony::mailonchange { -%>
146 |
147 | # Send mail if chronyd applied a correction exceeding given threshold.
148 | mailonchange <%= $chrony::mailonchange %> <%= $chrony::threshold %>
149 | <% } -%>
150 |
151 | logdir /var/log/chrony
152 | <% if $chrony::logbanner { -%>
153 | logbanner <%= $chrony::logbanner %>
154 | <% } -%>
155 | <% if $chrony::log_options { -%>
156 | log <%= $chrony::log_options %>
157 | <% } -%>
158 | <% unless $chrony::refclocks.empty { -%>
159 |
160 | <% $chrony::refclocks.each |$driver| { -%>
161 | refclock <%= $driver.flatten.join(' ') %>
162 | <% } -%>
163 | <% } -%>
164 | <% if $chrony::lock_all { -%>
165 |
166 | # Lock chrony to RAM.
167 | lock_all
168 | <% } -%>
169 | <% if $chrony::sched_priority { -%>
170 | sched_priority <%= $chrony::sched_priority %>
171 | <% } -%>
172 | <% if $chrony::leapsecmode { -%>
173 |
174 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsecmode
175 | leapsecmode <%= $chrony::leapsecmode %>
176 | <% } -%>
177 | <% if $chrony::leapsectz { -%>
178 |
179 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsectz
180 | leapsectz <%= $chrony::leapsectz %>
181 | <% } -%>
182 | <% if $chrony::maxdistance { -%>
183 |
184 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#maxdistance
185 | maxdistance <%= $chrony::maxdistance %>
186 | <% } -%>
187 | <% if $chrony::maxupdateskew { -%>
188 |
189 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#maxupdateskew
190 | maxupdateskew <%= $chrony::maxupdateskew %>
191 | <% } -%>
192 | <% if $chrony::maxslewrate { -%>
193 |
194 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#maxslewrate
195 | maxslewrate <%= $chrony::maxslewrate %>
196 | <% } -%>
197 | <% if $chrony::ntsserverkey { -%>
198 |
199 | # https://chrony.tuxfamily.org/doc/4.0/chrony.conf.html#ntsserverkey
200 | ntsserverkey <%= $chrony::ntsserverkey %>
201 | <% } -%>
202 | <% if $chrony::ntsservercert { -%>
203 |
204 | # https://chrony.tuxfamily.org/doc/4.0/chrony.conf.html#ntsservercert
205 | ntsservercert <%= $chrony::ntsservercert %>
206 | <% } -%>
207 | <% if $chrony::ntsport { -%>
208 |
209 | # https://chrony.tuxfamily.org/doc/4.0/chrony.conf.html#ntsport
210 | ntsport <%= $chrony::ntsport %>
211 | <% } -%>
212 | <% if $chrony::maxntsconnections { -%>
213 |
214 | # https://chrony.tuxfamily.org/doc/4.0/chrony.conf.html#maxntsconnections
215 | maxntsconnections <%= $chrony::maxntsconnections %>
216 | <% } -%>
217 | <% if $chrony::ntsprocesses { -%>
218 |
219 | # https://chrony.tuxfamily.org/doc/4.0/chrony.conf.html#ntsprocesses
220 | ntsprocesses <%= $chrony::ntsprocesses %>
221 | <% } -%>
222 | <% if $chrony::ntsdumpdir { -%>
223 |
224 | # https://chrony.tuxfamily.org/doc/4.0/chrony.conf.html#ntsdumpdir
225 | ntsdumpdir <%= $chrony::ntsdumpdir %>
226 | <% } -%>
227 | <% if $chrony::ntsntpserver { -%>
228 |
229 | # https://chrony.tuxfamily.org/doc/4.0/chrony.conf.html#ntsntpserver
230 | ntsntpserver <%= $chrony::ntsntpserver %>
231 | <% } -%>
232 | <% if $chrony::ntsrotate { -%>
233 |
234 | # https://chrony.tuxfamily.org/doc/4.0/chrony.conf.html#ntsrotate
235 | ntsrotate <%= $chrony::ntsrotate %>
236 | <% } -%>
237 | <% if $chrony::smoothtime { -%>
238 |
239 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#smoothtime
240 | smoothtime <%= $chrony::smoothtime %>
241 | <% } -%>
242 | <% if $chrony::rtconutc { -%>
243 |
244 | # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#rtconutc
245 | rtconutc
246 | <% } -%>
247 | <% unless $chrony::hwtimestamps.empty { -%>
248 |
249 | # Enable hardware timestamping of NTP packets sent to and received from the specified
250 | # network interface. If the specified interface is *, chronyd will try to enable HW
251 | # timestamping on all available interfaces.
252 | <% $chrony::hwtimestamps.each |$interface| { -%>
253 | hwtimestamp <%= $interface.flatten.join(' ') %>
254 | <% } -%>
255 | <% } -%>
256 |
--------------------------------------------------------------------------------
/templates/chrony.keys.epp:
--------------------------------------------------------------------------------
1 | <% |
2 | String[1] $chrony_password,
3 | NotUndef $commandkey,
4 | Array[String[1]] $keys,
5 | | -%>
6 | <% if $chrony_password != 'unset' { -%>
7 | <%= $commandkey %> <%= $chrony_password %>
8 | <% } -%>
9 | <% $keys.each |$line| { -%>
10 | <%= $line %>
11 | <% } -%>
12 |
--------------------------------------------------------------------------------
/types/servers.pp:
--------------------------------------------------------------------------------
1 | # @summary Type for the `servers`, `pools` and `peers` parameters.
2 | #
3 | # This type is for the `servers`, `pools` and `peers` parameters.
4 | #
5 | # @example A hash of servers
6 | # {
7 | # 'ntp1.example.com => [
8 | # 'minpoll 3',
9 | # 'maxpoll 6',
10 | # ],
11 | # 'ntp2.example.com => [
12 | # 'iburst',
13 | # 'minpoll 4',
14 | # 'maxpoll 8',
15 | # ],
16 | # }
17 | #
18 | # @example An array of servers
19 | # [
20 | # 'ntp1.example.com',
21 | # 'ntp2.example.com',
22 | # ]
23 | type Chrony::Servers = Variant[
24 | Hash[Stdlib::Host, Optional[Array[String]]],
25 | Array[Stdlib::Host],
26 | ]
27 |
--------------------------------------------------------------------------------